pywidevine icon indicating copy to clipboard operation
pywidevine copied to clipboard

Published 20 hours ago verified publisher icon devine-dl

Support for Licenses with a 128-byte Session Key

Open EatThisRock opened this issue 3 years ago • 6 comments

I've noticed that on Chrome license's responses, the session key which is normally 256 bytes long to match the length of the device private key, now is 128 bytes. It seems to suggest it is decrypted with a less secure private key (very unlikely) or the device private key is used elsewhere and differently.

I am not sure if I am missing anything or I am misunderstanding, but has this been noted or researched? or maybe this is on web based CDM's only? Padding the session key is not an option that works.

EatThisRock avatar Nov 02 '22 06:11 EatThisRock

Could you send a License Response in Base64 for me to take a look? What version of Chrome are you on, and is it beta or stable?

rlaphoenix avatar Nov 02 '22 07:11 rlaphoenix

Sure, CAISlwUKKgoQ5T7fYkLzm1bqmuUFW8+J0hII0Tb66uxPiKogASgAOABAAEji/YqbBhIjCAEQABgBIOCoASgAMOCoATiA54QPQgBIAFAAWABgAHAAeAEaZhIQkNSaA9/ZTW0ixDbXXS4KDRpQnhB1DKh4OTOwDk1RtDnF8tDZn0W9NSVHjTTGxCMfyuy8NKwyTh8pShi8j7UeG8RpqU6sA4fcRKHkbHoQxQupDG5H1GTCamXgj8HqBSkH6eQgARpyChABAGi9OTZNmFqvXvmer5IIEhA6mDua7TqySSfuH1bniJ4aGiCbX17NMfYu+1lC4kSqRpSP0pjBh5MVBsukuC5EweTr9iACKAEyCAgAECoYACAAOggIABAqGAAgAEISChBrYzE2AABUYMFdu0SgAAAIGnIKEAEFSZk3aN8Jjaf+pWaIAFsSELkRjA8yMydGdSqIR5BsncAaIEUfam4c4UJA6WaDkr7ye4jn1nlR2xH1/7YrKkTtlrXGIAIoBDIICAEQKhgAIAA6CAgAECoYACAAQhIKEGtjMTYAAFRgwV27ROwAAgwacgoQAQIrdxRoWSsjWp3hiBDfchIQ+Vw+66vDCzVVEL185cES6RogxMzbDDIQvnNo74oyBDZnNi+VkSCTbruy3BC+Cx3KC6AgAigCMggIARAqGAAgADoICAAQKhgAIABCEgoQa2MxNgAAVGDBXbtE5AACDBpyChABAXWklYgUevx0rosVGv/iEhAemqJkjrxi7LavoG+P2gEqGiDgg4mYkcEJAOZmnLMD1PVOCLbyTWpFbUBKAW7X0ecnQyACKAEyCAgAECoYACAAOggIABAqGAAgAEISChBrYzE2AABUYMFdu0SgAAAIIOL9ipsGOOPclZsGUAUaIInhj78Ba8e0aqaoYIFonvurpC8NIxZWjGrWbb1CiQjfIoABjYozicuHHEwRDzgKgM72b1BApGJHDNhVK9OjOC0THuCW0K1VqZCct/Bp8UcsOs2JhAYFM46cuCDJapWv8P8oY/UlNLAmJ82J228svsjmYZc82VrnRUmCOb2oeW4UtcGPC3GF//VNxr+ANmp89gn4kBi+BfrGMdUiQnnpnPn9SH06CAoGMTcuMC4xQAFKqAIAAAACAAABKAAFABDBXbtEIRVJAgAAAFUAAAAQAAAAZwAAAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAAAAAAAAAAAAAAAAAAAAVGAAAAAAAAAAAAAAAAAB4TOAAAAABAAAAL0AAAAQAAAAzwAAABAAAADhAAAAEAAAAAAAAAAAAAABHQAAABAAAAExAAAAEAAAAUMAAAAQAAABVQAAABAAAAAAAAAAAAAAAZEAAAAQAAABpQAAABAAAAG3AAAAEAAAAckAAAAQAAAAAAAAAAAAAAIFAAAAEAAAAhkAAAAQAAACKwAAABAAAAI9AAAAEAAAAAAAAAAAAAABHQAAABB2v5CVIOZO45HO0nAf2EaAbxbRUuS5D4SZi4jWJjRKJ1gB

This is from the newest Chrome CDM version, pretty sure it was like that too on the previous version.

Chrome version: 107.0.5304.88 and CDM: 4.10.2557.0

EatThisRock avatar Nov 02 '22 20:11 EatThisRock

Yeah I can confirm that is only 128 bytes somehow. All Chrome CDMs v4.10.2449.0 and older do 256 bytes like normal. I wonder if v4.10.2540.0 is like this as well, as that reportedly uses the same private key.

rlaphoenix avatar Nov 02 '22 22:11 rlaphoenix

I think I also had seen this on 4.10.2449.0, is probably a slight different key request/response approach on Chrome only, I've only noticed it on Licenses generated by Chrome. The license request for this license was not crafted by me or using your project. But is an interesting change nevertheless.

EatThisRock avatar Nov 03 '22 00:11 EatThisRock

Hi @EatThisRock and @rlaphoenix , How do you know that response license is 128bit?

We aren't referring to the License, we are referring to the Session Key within the license.

I'm facing the same issue. In my Android device, CDM still works well, but in pywidevine, it always reports that: error parsing message .

This would be unrelated. You are likely not passing the correct value back to the CDM. Another user had this similar mistake see https://github.com/rlaphoenix/pywidevine/issues/25

I've already decode license from base64 (Like @EatThisRock's format, start with CAISlwUKKgoQ5T.... in Chrome for Windows, but it's different in Android) to binary then pass to CDM.

You don't need to Base64 decode it, Pywidevine does that for you.

rlaphoenix avatar Apr 06 '23 09:04 rlaphoenix

{ "ec": 0, "license": "U01XVgAAAzMAAABrAiQQEAILCg4NDwAJDAMHCAYBBGyElOBugllIM/kc1N1PDEEAAABAxdEiheOe/xemrHkTVRhmkO/3LQ29nEAQDhKEIeQULE/tMLJ1a6OdHst5ktk5MLY+orekgOUHtRBROK9i5N5TVbVRtcGfIdJ8UTQ3x4VsUuMeK4slCSIEBcF3HZPK3hnnR5dTnMxAcO4/7QiNWbYZYQjIXiiR1QC4+I9ckvn9qk81IImIegZ0JeyCP+PjOGgZSPiyyjsb71+4sAUxzvhifLXfqhRjlQu0TsQbZOpfqG+g41rN+ExQUjOKBEhHW45js3HHoWi5cLJShcnz51qbgY/KAWTfDIPKdbsOrrWnuGrosRjblCQpnI+B2PBPrS6tHIpufK2gNqAqudE+OZFm4dwh5n2ehp7JTALXE9gh4CrLvzonO918K47zsl7eft+0i7YmUgfka97v3KW0JLEkB9GoAj0Dz+UXm3JJbQp7OL0+toklZfgxifDoxPE3cL4YTTg1ipOZWQ4Z5n01Q0TT3+lQpocAyyRr4ABFP28fsT2k82cc2hE1fworz3gff8Komr1unFZ5JP/e1r03E7KQNcUcLzcC6kH75cSU6tx1OeSVgKceQXFNZ4ff+dheoNKes3o8rj0rTxomNPwNrEbDOsc1rrjAIqiS4l57TP3bUj35KrXr+dsgXUHZrtHHk7vMXx1vPX6jpByKI+LV0yT/w19Q0eLoJr6hsW8UMx8nXJ0OOxGlorNSB3hOks1SPVFDFGlQqYTtQDMkQe3zs4n3hfAbEoJHljULtz1Ck4IVvTgVBi8mSR+bqoNX7OKrmBheU9II5L0lYG0kaGWwlDyQ0qQ9GEJ8Lo9qiIM4LOK73xPcwJBCXD+2Nk25kzDezukRSn8K2cgbkmSYqqSQGTQmQfHKnjg4EuJ/HmmeBMbdzBkRYbjF0dlMsGZykskdRr3B34wN53nn9MnfO7CzvCLOJp9stPkeSvi5Qp4uNTdEDENTJ7tciCeUv9TNw8Edp4FXuYHN0a0VzqBy+GwxcD/DWhJeqPbERR8aYVLu912tZ9lWsCw+yUnWj9rzZgQxBwfH", "clientInfo": { "signature": "C7E1E476CBC1AB070EAE801654D3A064853F4AD3", "appVersionCode": 276, "appVersion": "3.3", "packageId": "com.viettel.tv360", "buildBoard": "exynos9825", "buildHost": "21DK7A07", "packageName": "TV360", "sdkVersion": "31", "deviceId": "4f13a24e46763182", "deviceModel": "SM-N970F", "packerVersion": "1.0.3", "brand": "samsung", "osVersion": "12", "buildProduct": "d1xx", "manufacture": "samsung", "cpuInfo": "exynos9825", "osBuild": "SP1A.210812.016.N970FXXS8HWD3", "platform": "android", "deviceName": "d1", "fingerprint": "samsung/d1xx/d1:12/SP1A.210812.016/N970FXXS8HWD3:user/release-keys" } is there any direction to parse the response and get the key

EBSsss1 avatar Aug 16 '23 05:08 EBSsss1