←back to thread

"Widevine Dump":Leaked Code Downloads HD Video from Disney+, Amazon, and Netflix

(torrentfreak.com)
449 points bertman | 1 comments | 27 Dec 21 12:55 UTC | HN request time: 0.209s | source
Show context
garblegarble ◴[27 Dec 21 15:05 UTC] No.29703013[source]
The repo readme is pretty telling - this is being leaked to force this particular key to be blacklisted, I guess one group annoyed with others and wanting to cut off their access (and presumably the leaking group already has other L1 keys so doesn't fear this key being burned...)
replies(3): >>29703084 #>>29703220 #>>29704610 #
charcircuit ◴[27 Dec 21 15:13 UTC] No.29703084[source]
or they had the skills to just dump it again

Edit: nvm I understood which key you were talking about. I would have replied, but I'm rate limited.

replies(1): >>29703102 #
garblegarble ◴[27 Dec 21 15:15 UTC] No.29703102[source]
Ah, I thought L1 keys were burned into hardware, so blacklisting this key was effectively blacklisting a bunch of Lenovo tablets from accessing 4K HDR streaming?

Edit: looks like I'm wrong about this, and the Widevine L1 keys can be changed with a firmware update. There's an interesting breakdown of how it works on Qualcomm chips here: http://bits-please.blogspot.com/2016/04/exploring-qualcomms-...

replies(2): >>29703560 #>>29704941 #
1. NavinF ◴[27 Dec 21 18:07 UTC] No.29704941[source]
Would they release a firmware update with new keys though? If they can’t fix the vulnerability, the new keys would get dumped just like the old ones.