spel987 Posted March 23, 2023 Share Posted March 23, 2023 Hi! I'm new here. I have a little problem that I can't solve. I'm trying (for educational purposes of course) to download DRM-protected replays from TF1 (French TV channel). The thing is that to decrypt these DRM videos, you need a special key. This key is obtained by requesting the license server. I found this license server (https://drm-wide.tf1.fr/proxy). I even managed to get the video to play on a third-party site specializing in the subject (https://reference.dashif.org/dash.js/v3.0.3/samples/dash-if-reference-player/index.html). I just specified my MPD file, my license server, and that this server was "widevine". Anyway, the video runs on the site without any problem. So I thought that the key was in one of the requests made to the TF1 license server. When you launch a replay video, two requests are made to the license server. Two requests are made to the license server. The body of the first request never changes and the answer does not change either. However, for the second one both change. I put in a text file the two requests for test content (Grey's Anatomy) present on the TF1 website and protected by DRM. When I decode it, the characters are almost unreadable. I don't know if the DRM decryption key is present in the answer to the second request. I've been working on this problem for a week now and I can't find an answer on the internet. Thanks in advance! Screenshot 1 : https://postimg.cc/N58YBGSd Screenshot 2 : https://postimg.cc/Wd2V3LPT license_server_response.txt Quote Link to comment Share on other sites More sharing options...
DLord Posted March 24, 2023 Share Posted March 24, 2023 (edited) This is what I could extract/decode from the two base 64 sections of the text file so far: section 1: Spoiler GUID: b0a4b0d4-4a4c-4b92-a536-1be2042bfe89 Method: POST Path: /license.widevine.com Headers: Accept-Encoding: gzip Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Data: request={"Info/Script/protocol/localense.scriptRequest":{"Subject":""20230330000"@SAPORT-UND COMMON"},"ProtocolRequest":{"userManager":"ItemServiceUser","ItemsResponse":true},"PropertiesRequest":{}} POST /license.widevine.com HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 637 license_request=<?xml version="1.0" encoding="UTF-8"?> <ckb:licenseRequest xmlns:ckb="urn:ietf:params:xml:ns:cablelabs_mdex:core:1.0"> <ckb:version>1.0</ckb:version> <ckb:drmSystemId>urn:dvb:casystemid:19219</ckb:drmSystemId> <ckb:casystemId>widevine_test</ckb:casystemId> <ckb:provider>test</ckb:provider> <ckb:deviceId>f3ee3d3a-dec2-4f7f-b9ac-05fa28b63f06</ckb:deviceId> <ckb:deviceType>smarttv</ckb:deviceType> <ckb:authToken>1234567890abcdef</ckb:authToken> <ckb:protocolVersion>1</ckb:protocolVersion> <ckb:ticketType>short</ckb:ticketType> <ckb:certificateType>x509</ckb:certificateType> <ckb:serviceLocation>http://license.widevine.com</ckb:serviceLocation> <ckb:certificateDelivery>download</ckb:certificateDelivery> <ckb:signatureType>rsa</ckb:signatureType> <ckb:signature>fake_signature</ckb:signature> </ckb:licenseRequest> section 2: Spoiler COMMAND STATUS: OK RESULT: Success LICENSE.widevine.com I will further look into it when I have more time, specially the second section that should contain more data to extract. Edited March 24, 2023 by DLord spel987 1 Quote Link to comment Share on other sites More sharing options...
DLord Posted March 24, 2023 Share Posted March 24, 2023 (edited) Update on the second section: Spoiler possible algorithm and keys to try to further decode the server response: {"alg":"HS256","typ":"JWT"}{"sub":"user1","iat":1619420945,"exp":1619421005} {"algorithm":"hmac-sha256","header":{"alg":"HS256","kid":"4f8d961c"},"payload":"{\"iat\":1648231246,\"exp\":1648241246,\"sub\":\"16676667269\"}"} {"keys":[{"kty":"oct","alg":"A128KW","kid":"8oysQun9xfjnJjK1cWl8m7VlRik","k":"SCVQwq3A8jh07ay0dXjKxg"}]} and another piece of data to consider: {"request":{"media":"Wp8r6g==","drm_type":"widevine","content_type":"webm","license_url":"https://license.widevine.com/cenc/getlicense","license_params":"eyJjb250ZW50X3RhcmdldF9jb250ZW50Ijoic3RhdGljX3Nlc3Npb24ifQ=="}} Any further data might be beyond educational purposes, if not already . So best of luck. Edited March 24, 2023 by DLord spel987 and tonyweb 1 1 Quote Link to comment Share on other sites More sharing options...
spel987 Posted March 24, 2023 Author Share Posted March 24, 2023 (edited) Hello and thank you very much for your quick answer, it helps me a lot. I will test all this in detail from the information I have found on my side. I precise to everyone that I don't want to break anything or bypass protections and go against the law, but to learn new knowledge and improve a personal open-source project which here is the link: https://github.com/Nathoune987/TF1-Downloader . TF1 is one of the biggest French TV channels, and they don't have any options to download replays. These replays are free, however, you must create an account on their platform to watch them. That's why I developed this project to download videos for personal use. I base my project on the functioning of a known piece of software called "Captvty" (https://captvty.fr/) that is legal and maintained by a French developer. My Python script downloads all the video and audio segments of the contents available in replay from the TF1 servers and then assembles them with FFmpeg. @DLord Once again, thank you for your answers. I'd appreciate automating the decryption process in my project instead of using tedious and complicated solutions as I did with the Selenium library. Could you explain to me quickly how you did to get this information? I will then use your advice to program a decryption function. Again, I'm not trying to circumvent the law, but to download free videos for my private use (of course, I don't share the videos on the Internet). If you wish, we can discuss this in PM or stay here. Best regards, Nathoune Edited March 25, 2023 by Nathoune987 The GitHub link does not work Quote Link to comment Share on other sites More sharing options...
DLord Posted March 25, 2023 Share Posted March 25, 2023 15 hours ago, Nathoune987 said: Hello and thank you very much for your quick answer, it helps me a lot. I will test all this in detail from the information I have found on my side. I precise to everyone that I don't want to break anything or bypass protections and go against the law, but to learn new knowledge and improve a personal open-source project which here is the link: https://github.com/Nathoune987/TF1-Downloader. TF1 is one of the biggest French TV channels, and they don't have any options to download replays. These replays are free, however, you must create an account on their platform to watch them. That's why I developed this project to download videos for personal use. I base my project on the functioning of a known piece of software called "Captvty" (https://captvty.fr/) that is legal and maintained by a French developer. My Python script downloads all the video and audio segments of the contents available in replay from the TF1 servers and then assembles them with FFmpeg. @DLord Once again, thank you for your answers. I'd appreciate automating the decryption process in my project instead of using tedious and complicated solutions as I did with the Selenium library. Could you explain to me quickly how you did to get this information? I will then use your advice to program a decryption function. Again, I'm not trying to circumvent the law, but to download free videos for my private use (of course, I don't share the videos on the Internet). If you wish, we can discuss this in PM or stay here. Best regards, Nathoune First, thank you for the clarification; but decoding a DRM key on a media delivery server isn't legal by any definition, regardless of the content. But hey, your project, your choice. Second, your TF1-Downloader project page isn't accessible directly through the provided link. I had to go to your main github page and then navigate from there; and then not understanding much as it's in French! Third, as for the decoding process, well to be short you have to keep in mind that you are dealing with a base64 server response to a POST request. So there will be different pieces, in different formats such as json, xml, yaml, etc. Another point that helps is to keep in mind all possible format/coding/encryption etc. that could have been used on the backend, when you are looking at the raw data. Also, at times you decode the whole string to find out another string to be decoded within it! It's a complicated process that at times yields different acceptable outputs that you have to try to validate one by one. It's a process with many hit and miss chances. I even decoded your data once to what closely looked like a PayPal transaction token!!! So be very careful with the decoded data and validate it thoroughly, hopefully not against the real server Perhaps an easier way would be to create a free account on TF1 and download/extract the replays from there. spel987 1 Quote Link to comment Share on other sites More sharing options...
spel987 Posted March 25, 2023 Author Share Posted March 25, 2023 Thank you again for your time in responding to my problem. I'll see what I can do with the information you've given me, but unfortunately, I don't think I can do much good with it. I insist on the fact that every time I decode the response in Base64, I get unreadable strings, except the URL of the requesting server and the date and time. These pieces of information appear right in the middle of the response without me knowing what exactly it corresponds to, so I'm a bit blocked. 😕 Without wanting to be insistent, can I ask you again how you decoded the response in the main lines? On my side, I don't find anything satisfactory and exploitable as such by trying various manipulations. For example, the site base64decode.org allows to decode strings in Base64 returns me the explained result, and this, whatever the encoding used. Anyway, thanks again! You've helped me to think about my project! Quote Link to comment Share on other sites More sharing options...
Solution DLord Posted March 26, 2023 Solution Share Posted March 26, 2023 11 hours ago, Nathoune987 said: Thank you again for your time in responding to my problem. I'll see what I can do with the information you've given me, but unfortunately, I don't think I can do much good with it. I insist on the fact that every time I decode the response in Base64, I get unreadable strings, except the URL of the requesting server and the date and time. These pieces of information appear right in the middle of the response without me knowing what exactly it corresponds to, so I'm a bit blocked. 😕 Without wanting to be insistent, can I ask you again how you decoded the response in the main lines? On my side, I don't find anything satisfactory and exploitable as such by trying various manipulations. For example, the site base64decode.org allows to decode strings in Base64 returns me the explained result, and this, whatever the encoding used. Anyway, thanks again! You've helped me to think about my project! Well my friend, I am happy that I could help, even if so little. To be honest, the process of analyzing the data and decoding it, is a complex process like I said. It takes lot of trial and error and it requires lot of time and prior knowledge. I wish it had a simple way of doing or a simple tool that I could point you to. You have to have lot of experience and computer science skill/knowledge; and then try over and over to get something out of it, if you get lucky. There is no magic bullet when it comes to decrypting data. Just looking at it as a Base64 string would not help. Keep in mind that you are not dealing with a simple ASCII text encoded in Base64. For example, a JSON object containing metadata encoded in Base64, would not appear to be readable even after decoding. You just have to know about these data types and the different ways to format them to recognize them when you see it. Even for me, it took many hours to even get that little information, applying all I have learned in so many years and still I cannot be sure that the decoded data it completely accurate. FYI I started coding/programming decades ago on a Commodore 128! 👴 spel987 1 Quote Link to comment Share on other sites More sharing options...
jayballs Posted April 25, 2023 Share Posted April 25, 2023 (edited) I know I'm late. Im not going to write on what already has been said. So besides on whats written. This part of the address caught my attention Quote &rn=1 Quote https://github.com/Catch-up-TV-and-More/plugin.video.catchuptvandmore/commit/392d625515d13be46d6b7be40995663649302fda This is propably a SQL Server. The github may point you in the right direction? Edited April 26, 2023 by jayballs added github Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.