Google's Widevine L3 DRM Cracked

[goodtofufriday]

Source 1 : https://www.pcmag.com/news/365713/report-googles-widevine-l3-drm-cracked

 

Source 2: https://www.androidpolice.com/2019/01/02/googles-widevine-l3-drm-used-by-netflix-hulu-and-hbo-has-been-broken/

 

Quote

This week a security researcher by the name of David Buchanan claims to have cracked one of Google's DRM implementations used to protect streaming media on services such as Netflix, Hulu, and Amazon Video. The crack was possible not because of a bug, but due to a "flaw in the DRM design."

When you load up your favorite streaming service on a smartphone, tablet, or TV, it's easy to forget that the content you are watching is protected by digital rights management (DRM). The DRM is present to stop unauthorized recording and copying of the content, but hackers and researchers are constantly working to try and beat the DRM and unlock the content.

[...]

It may be the case that Google already knows about Widevine L3 being cracked and is working to improve the security surrounding it. But if Buchanan is right in stating a flaw in the design means it can't be fixed, Widevine L3 DRM could be rendered useless.

Original Tweet:

 

 

 

 

Interesting to learn that what is effectively a simple flaw can render this DRM completely useless, with existing attacks no less. As this DRM is mostly for android i dont see it as being detrimental just yet, but if left unpatched then I'm sure some content providers will stop servicing to android systems until it is. But what makes that complicated is that the flaw is this DRM is in its base design, as such it can't simply be patched out (ala intel specter flaws). It's a waiting game to see how this goes. I personally use android devices to stream to my TV instead of cable, so it has the potential to affect me directly.

I think it's irresponsible to disclose this flaw publicly before reporting it to google. 

 

[Bananasplit_00]

yay, now we get to have even more intrusive and performance eating DRMs!

[LukeSavenije]

woohoo, piracy gets interesting again!

 

/jk

[D13H4RD]

I don't think I've yet to see a case where they make a form of DRM that's really difficult to crack.

[RobbinM]

It still surprises me that there is no DRM capable digital to analog converter that not actually converts to analog.

[Salv8 (sam)]

yay we can finally use Netflix without it's DRM bullshit...

[Syntaxvgm]

Given this was flawless, it's not like people weren't just gonna record the screen. 

 

I see the future- personalized streams with identifying content secretly embedded into the video to prosecute some and scare others.  I can think of ways around that, wouldn't work forever, but would work when you didn't know it was there yet and manage to scare some off the scene. 

[RejZoR]

12 hours ago, LukeSavenije said:

woohoo, piracy gets interesting again!

 

/jk

No, it just means non pirates will get more DRM shit shoved down their throats...

[PlayStation 2]

Then there's Fox, they don't even bother with any sort of DRM with their streamed content on their sites (namely the FX site and Fox News, not sure if the main Fox site is in the same camp) and you don't see people bothering to rip from there.

[Thaldor]

I don't even... Who the FUCK is so stupid that shovels money to DRM video?!? Do we really pay for this shit?!? It's not broken by design, it's broken by the idea alone in the first place. Like it would need a rocket scientist or the criminal mastermind to just capture the the video after it has been converted to analog when all of those expensive and glittering litte DRMs can't do a shit to protect it.

 

Are every "expert" in companies people that have no idea what is going on in the real world and they just try to fight the skycrapers with soft, wet toothpicks? Like literaly I remember how much Sony and other record companies stuffed money to DRM the music CDs and only thing it did was to fuck with the "legal" customers, because even a 1 year old disabled kid knew that the whole thing was broken with one single thing: headphonejack. They spent probably millions to develope a DRM and all it did was check that the CD player supported it and all you needed to play those cancer-discs in your PC was something like 20€ Walkman and 3.5mm male-to-male stereo cable. Same thing with the Spotify, of course it would be 100-times easier to just crack the DRM and download the music, but all you need is something that can record from external microphone and that same 3.5mm male-to-male stereo cable.

[Commodus]

22 hours ago, Salv8 (sam) said:

yay we can finally use Netflix without it's DRM bullshit...

It's a streaming service that already offers offline downloads and is available on virtually every platform known to humankind.  The only reason you'd 'need' to eliminate the DRM is for stealing shows.  While I believe you shouldn't have DRM on permanent downloads, Netflix is entirely right to use it in a case where access is contingent on staying subscribed.

[jagdtigger]

10 hours ago, RejZoR said:

No, it just means non pirates will get more DRM shit shoved down their throats...

And this is why DRM is like pouring gasoline onto open flame. DRM only frustrates paying customers, and at one point they loose their patience and become pirates themselves. Its amusing how those idiots at the top still didnt realized that the source of their problem are non other than themselves...

[DrMacintosh]

23 hours ago, goodtofufriday said:

this DRM is mostly for android

Almost every smartTV on the planet runs Android, including mine.....

 

So like when can I use this exploit to record 4K Netflix? 

[Guest]

6 hours ago, DrMacintosh said:

Almost every smartTV on the planet runs Android, including mine.....

 

So like when can I use this exploit to record 4K Netflix? 

I use an Apple TV

[williamcll]

I thought most people pirate video from ripping.

[LAwLz]

18 hours ago, DrMacintosh said:

Almost every smartTV on the planet runs Android, including mine.....

 

So like when can I use this exploit to record 4K Netflix? 

Are you sure about that? Neither LG nor Samsung TVs run Android. Seems like it's mostly Philips and Sony that use Android for their TVs.

Most other run their own proprietary GNU/Linux distros.

 

18 hours ago, Commodus said:

It's a streaming service that already offers offline downloads and is available on virtually every platform known to humankind.  The only reason you'd 'need' to eliminate the DRM is for stealing shows.  While I believe you shouldn't have DRM on permanent downloads, Netflix is entirely right to use it in a case where access is contingent on staying subscribed. 

That's not true. Some examples where Netflix's DRM can fuck you over:

1) You have downloaded to the show on your smartphone, but suddenly want to watch it on for example your friends tablet, or your laptop, or something else. Being able to move the file is really handy and not possible with Netflix.

2) What if you want to use a different video player which has some other feature the Netflix one don't have? Like styling subtitles, replacing subtitles completely, load a commentary track, higher quality scaling?

3) Not all video qualities are available with certain DRMs, on certain devices. My computer is more than capable of playing the UHD Netflix files, but because of DRM I can't do it.

[jagdtigger]

17 minutes ago, LAwLz said:

My computer is more than capable of playing the UHD Netflix files, but because of DRM I can't do it.

Not only that, but if you fed up with windows like me and move to linux then you are stuck on 720p...

[Commodus]

2 hours ago, LAwLz said:

That's not true. Some examples where Netflix's DRM can fuck you over:

1) You have downloaded to the show on your smartphone, but suddenly want to watch it on for example your friends tablet, or your laptop, or something else. Being able to move the file is really handy and not possible with Netflix.

2) What if you want to use a different video player which has some other feature the Netflix one don't have? Like styling subtitles, replacing subtitles completely, load a commentary track, higher quality scaling?

3) Not all video qualities are available with certain DRMs, on certain devices. My computer is more than capable of playing the UHD Netflix files, but because of DRM I can't do it.

1.  Unless you can't re-download the file at all, this isn't necessary.

2.  This is not 'fucking you over.'  This is a luxury.  Styling subtitles, really?

3.  This sucks, but you can still play the video in reasonably good quality.  It's unfortunate, but not a tragedy.

 

And besides, you know damn well what would happen if Netflix pulled DRM.  Offline downloads would go away; certain content providers would remove their shows; pirated copies would be easier to find. You'd gain a handful of nice-to-have conveniences in return for a serious degradation of the overall service.  I fully support axing DRM on purchases, but it exists for subscription services precisely to maintain the business model -- you have access as long as you keep subscribing.

[duncannah]

Does this mean I can watch Netflix over 480p on my phone now? Torrenting on mobile is a bit cumbersome, you know

[jagdtigger]

1 hour ago, Commodus said:

1.  Unless you can't re-download the file at all, this isn't necessary.

Or you are on mobile data.....

1 hour ago, Commodus said:

3.  This sucks, but you can still play the video in reasonably good quality.  It's unfortunate, but not a tragedy.

It is when i pay for 4k plan, but get 720p because of BS DRM....

 

1 hour ago, Commodus said:

pirated copies would be easier to find.

Its pretty easy to find them anyway...

 

1 hour ago, Commodus said:

but it exists for subscription services precisely to maintain the business model

Anyone who doesnt want to pay will pirate it(because like in this case it will get cracked, or circumvented) and have less hassle with it. So whats the point in pissing off your paying customer base with BS arbitrary limitations?

[LAwLz]

1 hour ago, Commodus said:

1.  Unless you can't re-download the file at all, this isn't necessary.

Redownloading takes time and wastes data, and like you said it might not be possible at all times.

Even if it is possible to work around these idiotic limitations of the Netflix DRM, it is still a hindrance and inconvenience for the users. You can give me more workarounds if you want, but at the end of the day it does mean you are more restricted than if the DRM was removed.

 

1 hour ago, Commodus said:

2.  This is not 'fucking you over.'  This is a luxury.  Styling subtitles, really?

Please do not ignore the other benefits of a different player I mentioned, such as different audio tracks and higher quality upscaling.

And yes, I do like styled subtitles. The default Netflix ones looks terrible.

 

1 hour ago, Commodus said:

3.  This sucks, but you can still play the video in reasonably good quality.  It's unfortunate, but not a tragedy.

When did I say it was a tragedy? All I wanted to show is that pirating content, especially if it's a direct site rip like what might be possible now, provides a higher quality experience to the end user. More flexibility in how the content is played, more features (like for example adding a commentary track to the movie), better quality (no restrictions on which device can play what quality, better post processing compared to the default player) and so on.

 

 

You might say I don't "need" those things, but by that logic we don't need Netflix at all.

My point is that to the end users, Netflix without DRM is an objectively better service than Netflix with DRM.

 

1 hour ago, Commodus said:

And besides, you know damn well what would happen if Netflix pulled DRM.  Offline downloads would go away; certain content providers would remove their shows; pirated copies would be easier to find. You'd gain a handful of nice-to-have conveniences in return for a serious degradation of the overall service.  I fully support axing DRM on purchases, but it exists for subscription services precisely to maintain the business model -- you have access as long as you keep subscribing. 

Absolutely agree that some providers would pull their content off the platform, but that's because the content providers are still stuck on this false idea that DRM is absolutely necessary, even though there is a lack of evidence to support their opinions.

 

There is no reason why Offline downloads would go away. In fact, if the DRM was removed Netflix would have a stronger reason than ever to keep it. It's better to keep people using your own app, rather than make people move to a third party program.

 

And pirated copies would be easier to find? Please... Netflix content is already all over the web. The only difference would be that the pirated copies would have a better quality or smaller file size compared to the current copies. Netflix's DRM doesn't do jack shit to prevent people from pirating the content.

[Drak3]

21 hours ago, DrMacintosh said:

Almost every smartTV on the planet runs Android

LG TVs use WebOS.

Samsung TVs use Tizen.

Neither ever used Android TV.

 

Haier, Hitachi, Insignia, and Sharp use Roku TV.

 

Panasonic uses Firefox OS TV.

 

 

That's pretty far from every SmartTV.

[Commodus]

1 hour ago, LAwLz said:

Redownloading takes time and wastes data, and like you said it might not be possible at all times.

Even if it is possible to work around these idiotic limitations of the Netflix DRM, it is still a hindrance and inconvenience for the users. You can give me more workarounds if you want, but at the end of the day it does mean you are more restricted than if the DRM was removed.

The point is that you're not really 'stuck' like you implied.  If you can afford to download an episode or a season of a show, you're probably not so tightly metered that you have to choose between downloading that show again and listening to Spotify that month.

 

1 hour ago, LAwLz said:

Please do not ignore the other benefits of a different player I mentioned, such as different audio tracks and higher quality upscaling.

And yes, I do like styled subtitles. The default Netflix ones looks terrible.

I wasn't ignoring them, just pointing out the main example of a bad batch.  You're making mountains out of molehills; it's reasonable to presume that the vast majority of Netflix users wouldn't care about this even if the option was available.

 

1 hour ago, LAwLz said:

When did I say it was a tragedy? All I wanted to show is that pirating content, especially if it's a direct site rip like what might be possible now, provides a higher quality experience to the end user. More flexibility in how the content is played, more features (like for example adding a commentary track to the movie), better quality (no restrictions on which device can play what quality, better post processing compared to the default player) and so on.

 

You might say I don't "need" those things, but by that logic we don't need Netflix at all.

My point is that to the end users, Netflix without DRM is an objectively better service than Netflix with DRM.

You said that Netflix's DRM would, and I quote, "fuck you over."  That's hyperbolic, to put it mildly.  Stripping DRM on a subscription service provides a small advantage to a handful of people who are obsessive about how and where they access content, and a tremendous advantage to pirates.

 

1 hour ago, LAwLz said:

Absolutely agree that some providers would pull their content off the platform, but that's because the content providers are still stuck on this false idea that DRM is absolutely necessary, even though there is a lack of evidence to support their opinions.

 

There is no reason why Offline downloads would go away. In fact, if the DRM was removed Netflix would have a stronger reason than ever to keep it. It's better to keep people using your own app, rather than make people move to a third party program.

 

And pirated copies would be easier to find? Please... Netflix content is already all over the web. The only difference would be that the pirated copies would have a better quality or smaller file size compared to the current copies. Netflix's DRM doesn't do jack shit to prevent people from pirating the content.

The thing is, you can't really ignore the practical reality of what content producers want.  They're not going to have that epiphany any time soon, if ever.  So, you can accept that DRM is here to stay, or you can keep hoping that they'll remove it and make a small number of viewers happy at the expense of everyone else.

 

On offline downloads... er, do you live in reality?  If Netflix removes DRM, there's zero reason for many people to stay subscribed.  The one person who keeps up a subscription downloads all the shows and shares them with their 29 closest friends.  And no, that doesn't mean Netflix's subscription model is bad -- the subscription is necessary so that Netflix actually has the money to make those originals and license other shows.

 

I know Netflix content is "all over!"  Hence "easier."  It's the difference between having to go a pirate site and understand the concept of a torrent versus just asking your friend to send things through cloud storage or a thumb drive.  There are plenty of places where piracy still thrives on physical or friend-to-friend exchanges.  DRM doesn't stop determined piracy, but it does prevent casual piracy.

[jagdtigger]

9 minutes ago, Commodus said:

You said that Netflix's DRM would, and I quote, "fuck you over."  That's hyperbolic, to put it mildly.  Stripping DRM on a subscription service provides a small advantage to a handful of people who are obsessive about how and where they access content, and a tremendous advantage to pirates.

You seem to think that DRM prevents pirates from getting  the stuff they want, sorry to burst your bubbles but it doesnt stop them. Pirates get what they want whether the service uses drm or not. The only thing DRM does is annoy and piss off the paying customer base....

[iamdarkyoshi]

On 1/3/2019 at 11:28 AM, Bananasplit_00 said:

yay, now we get to have even more intrusive and performance eating DRMs!

They'll put my 8086K and vega FE to use smh