Soooo, after a few evenings of work, I've 100% broken Widevine L3 DRM. Their Whitebox AES-128 implementation is vulnerable to the well-studied DFA attack, which can be used to recover the original key. Then you can decrypt the MPEG-CENC streams with plain old ffmpeg...
You can avoid this paradox by decrypting and decoding/decompressing the media inside the same black box. The security of this black box defines the security of the DRM (e.g. software obfuscation only, or hardware assisted, like TrustZone or SGX)