Soooo, after a few evenings of work, I've 100% broken Widevine L3 DRM. Their Whitebox AES-128 implementation is vulnerable to the well-studied DFA attack, which can be used to recover the original key. Then you can decrypt the MPEG-CENC streams with plain old ffmpeg...
My attack was already automated and ran in under a second. The LUTs are already bundled with the binary, so I'm not quite sure what you mean by that?
I agree that rapidly changing the nature of the DRM would be a good solution though - but how do you get changes out fast enough to *all* clients?
It's a difficult problem to address indeed... Application security is tough, especially when the environment is attacker-controlled. There's always a trade-off between more layers of obfuscation and usability...
I meant automation of breaking wboxes every time they were changed....
Is there a public whitepaper?
Did you try DCA attacks?