Comment by alex7o
12 hours ago
They find devices that are easy to hack (and I mean rip and tear) and extract the decryption keys from each of them, from what I have heard cheap chinese tvs and set top boxes, they extract the keys from the chips (hardware hacking, heard some even use microscopes to read the keys by hand), and then use them to decrypt streams, I heard that they catch them pretty fast to they use like 1 device per season. This is why they use mostly stollen devices.
The really shitty thing is that vulnerable devices get blacklisted en masse, so all legitimate users get stuck with 480p video content on streaming services. The Nexus 5 got this treatment, as I understand it, because it was too easy to extract the keys.
Not a Netflix user here: Are you saying that paying customers get cut off from higher video quality, that they are possibly paying for, and pressured into buying new devices? That shit should be illegal!
Yes, that's exactly what happens!
It provides a good incentive for manufacturers to invest into security for their devices.
No, it provides no incentive at all!
It's the users who suffer when this happens, not the manufacturers. The manufacturers couldn't care less, the money is already in the bank.
If the manufacturers were required to replace all the revoked devices at their cost, that would be a real incentive.
1 reply →
Interesting - do you have any sources to read further?
Search for widevine decrypt. You’ll find code and forums where at least some L3 (software) keys are publicly shared. For high resolution on some platforms, you need L1 keys, but as far as I understand the decryption process basically stays the same once you have a working key.
Random article: https://www.ismailzai.com/blog/picking-the-widevine-locks
Claimed to be L1 key leaks (probably all blacklisted by now): https://github.com/Mavrick102/WIDEVINE-CDM-L1-Giveaway
You won't find a ton of up-to-date info that would let you do the same - the scene groups hold their methods closely specifically because of this cat-and-mouse game.
More easily in the past (I don't think if it's still true for 4K) you only needed an HDMI splitter to bypass HDCP copy protection.
Now you need both a buggy HDCP 1.4 splitter and an HDCP 2.1 to 1.4 converter.
The analog hole is real.
I was wondering how easy it is
I.e I know that hdmi stream can be encrypted so I guess for Netflix you can't juste have a "hdmi splitter"? Do you need to go as far as plugging yourself just before the lcd pixels ? And if so , is it the moment where its easier to have a high def camera pointed at your lcd screen with post processing?