Most active commenters

    ←back to thread

    "Widevine Dump":Leaked Code Downloads HD Video from Disney+, Amazon, and Netflix

    (torrentfreak.com)
    449 points bertman | 17 comments | 27 Dec 21 12:55 UTC | HN request time: 0.427s | source | bottom
    1. sydthrowaway ◴[27 Dec 21 14:25 UTC] No.29702696[source]
    I've often wondered how easy it would be for people in the scene to rip Netflix or others streaming content. Isn't it as simple as getting the URL of the video player element in the browser and using cURL or wget?
    replies(5): >>29702739 #>>29702740 #>>29702745 #>>29702784 #>>29703754 #
    2. saurik ◴[27 Dec 21 14:31 UTC] No.29702739[source]
    Netflix is not just like <video src="something I could put into VLC">... DRM is often said to be "broken by design" but it is an actual thing you have to defeat, not some lie told to scare you away.
    3. alt227 ◴[27 Dec 21 14:31 UTC] No.29702740[source]
    It is, but the resulting files are encrypted. Hence this post being about exposing CDMs (Content Decryption Modules). These use decryption keys obtained through hacking or paying internal staff. Once the decryption keys are exposed like this then the content providers 'burn'; them and generate new ones meaning the process has to start over again.
    replies(1): >>29702831 #
    4. 0x0000000 ◴[27 Dec 21 14:32 UTC] No.29702745[source]
    No, because the video is protected with the Widevine DRM. You can't just curl a resource, you will not get a usable output.

    That said, it can't be all too hard as Netflix exclusives are all over the open seas.

    replies(1): >>29702756 #
    5. themitigating ◴[27 Dec 21 14:33 UTC] No.29702756[source]
    There's a software kit distributed in "the scene" that downloads and decrypts Netflix content
    6. waltbosz ◴[27 Dec 21 14:36 UTC] No.29702784[source]
    It's not that simple. The video files are chopped up into pieces for streaming, so what you would download (assuming wget would handle the stream) are thousands of tiny files. You could reassemble them with ffmpeg, but first you'd need to decrypt them. It's the encryption that these leaked scripts take care of.
    7. ordx ◴[27 Dec 21 14:42 UTC] No.29702831[source]
    I assume at some point Widevine plugin decrypts these files to display the actual video stream in the browser, correct? Why don't they capture already decrypted stream?
    replies(4): >>29702898 #>>29702911 #>>29704039 #>>29704316 #
    8. e3bc54b2 ◴[27 Dec 21 14:51 UTC] No.29702898{3}[source]
    That's why they now embed displays with verification modules. Basically whole stack from server to your display is a giant chain verifying you are not doing what they don't want you to do.
    replies(2): >>29702944 #>>29703186 #
    9. Scoundreller ◴[27 Dec 21 14:53 UTC] No.29702911{3}[source]
    My thought is that the decryption and decompression are interlinked.

    So while it’s relatively easy to get the raw stream, if you want to re-distribute it, you’ll have to compress it again.

    With these leaks, you can get the compressed and decrypted files and re-distribute without any added compression loss.

    Maybe I’m wrong, but it’s the only thing that makes sense to me.

    10. Scoundreller ◴[27 Dec 21 14:56 UTC] No.29702944{4}[source]
    Though often they get it wrong, like when I bought a movie off Apple and it errored when I screen mirrored to my dumb TV and it’s back to piracy first for me.
    replies(1): >>29719635 #
    11. GekkePrutser ◴[27 Dec 21 15:23 UTC] No.29703186{4}[source]
    And see how well it works. 2 hours after airing everything is online. The only ones they're giving any hassle are legitimate consumers.
    replies(2): >>29703790 #>>29709676 #
    12. alibert ◴[27 Dec 21 16:22 UTC] No.29703754[source]
    I think there is actually no challenge to rip them because everything streamed seems to be almost immediately available for download in the original bitstream format without any recompression (at least for 1080p content).
    13. malermeister ◴[27 Dec 21 16:26 UTC] No.29703790{5}[source]
    This is a similar charade to airport security: It doesn't actually do anything but satisfy a bunch of suits and create some pointless jobs around it.
    14. 323 ◴[27 Dec 21 16:48 UTC] No.29704039{3}[source]
    It depends. Today there are APIs which allow the actual decryption to be done directly on the GPU, while requesting the GPU to not allow the sharing/capturing of those decrypted images.
    15. kingcharles ◴[27 Dec 21 17:11 UTC] No.29704316{3}[source]
    You are technically correct. The stupid thing about DRM is that the player has to download the decryption keys into the RAM of the player. All these players do is try to obfuscate the keys so they can't be accessed very easily. When you see these proper rips out there they are being done by groups who extracted a decryption key from the player and used that to unencrypt the stream.

    DRM is dumb. I used to work on DRM. It was dumb then, it's dumb now.

    16. e3bc54b2 ◴[28 Dec 21 02:39 UTC] No.29709676{5}[source]
    These things are designed to hassle legitimate customers only. Pirates are never going to pay anyway. DRM is so they can squeeze more out of paying customers.
    17. ArchOversight ◴[28 Dec 21 23:30 UTC] No.29719635{5}[source]
    Your dumb TV doesn't have the appropriate HDCP chips, which is why it errored. Your computer didn't know whether it was a dumb TV or if it was an HDMI capture card ready to rip the movie...

    Not that I agree with the practice.