[HN Gopher] "Widevine Dump":Leaked Code Downloads HD Video from ...
___________________________________________________________________
"Widevine Dump":Leaked Code Downloads HD Video from Disney+,
Amazon, and Netflix
Author : bertman
Score : 346 points
Date : 2021-12-27 12:55 UTC (10 hours ago)
(HTM) web link (torrentfreak.com)
(TXT) w3m dump (torrentfreak.com)
| orliesaurus wrote:
| Surely some people just use screen recording software for the
| "Download" illegally part?
| tomc1985 wrote:
| I don't think that works with HDCP, usually you get a big green
| box or something
| snailmailman wrote:
| The DRM technologies in place prevent screen recording from
| working, as far as I know. Or at least prevent it from working
| at high resolutions.
| agilob wrote:
| I found this interesting, so I tried: I recorded a HD movie
| on Netflix in Firefox, recorded using simplescreenrecorder on
| KDE5 in Xorg. I remember it was impossible to record shared
| screen in old (Ebay owned Skype).
| nly wrote:
| HD != 4K
| Mindwipe wrote:
| This is why Netflix only serves Firefox low resolution
| video.
| shbooms wrote:
| It's not just Firefox though, if you're running Chrome on
| Windows or Mac, you get the same 720p as Firefox.
|
| The only way to get Netflix in high def (1080p and 4k)
| from a web browser is to use a browser that is made by
| the same company as the OS it's running on.
|
| e.g.:
|
| - Microsoft Edge running on Windows 10 or 11 (if running
| Edge on some other OS, output will cap at 720p)
|
| - Chrome running on Chrome OS (if running Chrome on some
| other OS, output will cap at 720p)
|
| - Safari running on MacOS
|
| In any scenario not listed above, Netflix serves a max of
| 720p.
|
| https://help.netflix.com/en/node/23931
|
| https://help.netflix.com/en/node/55764
| toun wrote:
| This usually doesn't work because of HDCP, and you'd have to
| reencode the video stream, sacrificing quality. Removing DRMs
| is a lot cleaner.
| orliesaurus wrote:
| Makes sense, and I know a lot of people are like "4K ultra or
| nada" but I grew up in a world where 480p was watchable and
| good enough that you would invite friend over and have a
| freewatch party. So I guess it depends who is watching right?
|
| I tried a couple of screen recording tricks and it appears
| that Netflix is easily captured on Chrome....
| heywire wrote:
| There are also HDMI recorders you can buy online that strip
| HDCP and encode to a USB stick.
| Unklejoe wrote:
| For a while, there were HDMI splitters for sale on Amazon that
| would effectively strip out HDCP 2.2. I haven't checked in a
| while, but I bet that's still the case.
|
| It seems like these DRM efforts are futile, but then I remember
| that it's really just about keeping piracy outside of the grasp
| of "common folks". They will never be able to stop piracy if
| someone is determined enough.
| bertman wrote:
| The repos: https://github.com/widevinedump?tab=repositories
| sovietmudkipz wrote:
| I don't know why but for some reason I was hopeful to see unit
| tests in any of the repos. Searching "test" for that user
| doesn't reveal any tests. :(
|
| Even the digital property liberators/internet pirates don't
| test their software. I feel like I'm on an island with a small
| population of test enthusiasts.
| boppo1 wrote:
| What's the best place to get started with testing? As a
| newbie brogrammer it's intimidating enough writing software
| that works, let alone suites to comprehensively test it. Is
| there a testing 'bible'?
| corndoge wrote:
| You'll fare much better in today's software industry
| climate if you don't use the word brogrammer
| Godel_unicode wrote:
| There are many deeply held beliefs that people have about
| testing, so I recommend reading many different takes on how
| to structure your testing approach. For the pragmatic
| python programmer, Brian's book is quite good as a starting
| place:
|
| https://pragprog.com/titles/bopytest/python-testing-with-
| pyt...
| hatware wrote:
| Build systems that break, the tests come naturally after
| that.
| charcircuit wrote:
| >Even the digital property liberators/internet pirates don't
| test their software.
|
| The lack of automated tests doesn't mean they don't test
| their software.
| sovietmudkipz wrote:
| You're right I should be more clear. I was more interested
| in automated test rather than manual/exploratory testing.
| Thanks for the opportunity to clarify my comment.
| unbanned wrote:
| >Even the digital property liberators/internet pirates don't
| test their software. I feel like I'm on an island with a
| small population of test enthusiasts.
|
| Ultimately, what's the point. The tool either works, or it
| doesn't. Then you patch what doesn't work so it does work.
|
| Heck even the Linux kernel isn't tested.
|
| Unit tests are so management can have a good metric to sell
| code quality. I don't know any time unit testing has actually
| benefited shipping faster (which really is the only bottom
| line those above you care about)
| ohthehugemanate wrote:
| > I don't know any time unit testing has actually benefited
| shipping faster
|
| There's a lot of empirical research about this. A. Lot.
| Starting in the 80's, even. It's as close as it gets to
| empirically proven that software testing greatly reduces
| bugs and regressions, and accelerates delivery over the
| long term. It's not as clear if the acceleration is
| entirely freed up resources that would otherwise be spent
| fixing bugs, or if it also makes people develop faster.
| Also, it's pretty clear that Automated testing doesn't
| accelerate short or short term projects.
| caillougris wrote:
| > I don't know any time unit testing has actually benefited
| shipping faster
|
| It's of _huge_ benefits to me when I have to make a small
| tweak (fix a bug, or add a new specific corner case) into
| an existing codebase that I didn 't write and don't know
| very well. Being able to make a small change and being
| confident that it will not send everything burning in hell.
| datavirtue wrote:
| This, and any code base of significant size is unknowable
| and starts to produce bugs naturally. Requiring tests and
| verifying minimum coverage are a few things you can do to
| control the death spiral.
|
| I have worked on large systems devoid of tests. Not
| recommended. I literally witnessed multi-million dollar
| losses that would have been prevented by requiring tests.
| gentleman11 wrote:
| Why isn't the kernel tested? Too close to the hardware to
| be practical?
| danuker wrote:
| My experience: running a unit test is much faster than a
| manual test.
|
| While developing a feature or fixing a bug, it speeds you
| up overall, in spite of the initial investment in writing
| the test.
|
| As a bonus, you can keep them running permanently, to
| prevent new bugs or regressions.
| horsawlarway wrote:
| And the test covers much less surface area than most
| manual tests.
|
| For code that's expected to be stable for a LONG time -
| sure, write lots of good tests.
|
| For code that breaks at someone else's whim, which has a
| small shelf life, or which has a large surface area,
| think really, really hard about whether the test is
| actually going to be worth it.
| shakna wrote:
| > Heck even the Linux kernel isn't tested.
|
| Apart from the Linux Test Project [0], run by all the big
| Linux names, who regularly issue very detailed bug reports
| and usually patches as well, you mean?
|
| [0] https://linux-test-project.github.io/
| develop7 wrote:
| but linux kernel _is_ covered by tests. Not 100%, not all
| the subsystems, but there are automated tests nevertheless
| (introduced by Greg K-H, AFAIR)
| everybodyknows wrote:
| > Heck even the Linux kernel isn't tested.
|
| Linux kernel self-tests:
|
| https://kselftest.wiki.kernel.org/
|
| _Kselftest is run everyday on several Linux kernel trees
| on the 0-Day and Linaro Test Farm and other Linux kernel
| integration test rings._
|
| Most recent update to the source code was yesterday
| 2021-12-26:
|
| https://patchwork.kernel.org/project/linux-kselftest/list/
| GekkePrutser wrote:
| There's no point I guess, this kind of thing does not work
| for very long anyway. Because it gets blocked server side
| once it's out.
|
| It's more like a proof of concept than production code.
| vmception wrote:
| This is one of those github repositories that you just clone and
| move on.
|
| Don't fork, just clone to your local system. When it gets taken
| down the forks will disappear, whereas the clones will not. You
| can also just download a zip file.
|
| https://github.com/widevinedump?tab=repositories
| jrm4 wrote:
| "Making an imaginary-ish copy that stays on the big Microsoft-
| owned system is mostly unnecessary and probably not enough to
| keep it around, make sure you save a copy on your own computer
| that they can't get to."
|
| Don't want to be (too) condescending, but, as an old-timer it's
| kind of wild to me that people who work with tech a lot do
| actually sometimes need to be reminded of this.
| vmception wrote:
| Its wild to me too, but I've seen people actually debate fork
| perseverance and I'm always confused what the issue is when
| you can just have a local copy but somehow that often never
| gets brought up in those conversations. Its not even about
| something used in a package manager, they just really had no
| backup when the default behavior of the git protocol is to
| have a backup. I'm like "wait did they actually lose
| something?" so since that seems to be the case, yeah, gotta
| remind people.
| tomc1985 wrote:
| "Cloud-native" youth seem to have forgotten a huge chunk of
| computing
| vmception wrote:
| Did you see this gem the other day?
|
| https://news.ycombinator.com/item?id=29668260
|
| I'm still not convinced it wasn't a troll thread. Its like
| its _either_ a troll, or a coding academy class just
| graduated alongside a bunch of self-starters that made
| "coding" their pandemic project, where some popular TikTok
| content creator must be telling people to hang out on
| hackernews.
| alias_neo wrote:
| It continues to amaze me that so many people in my profession
| (software) don't know that Git is "decentralized".
|
| GitHub et al have taken over so ubiquitously that many
| developers I know have no idea that a bunch of what they do
| isn't even Git, and a bunch of what they don't do, is.
| jrm4 wrote:
| Wonder if they pay any attention to who wrote it as well.
| :)
| jrm4 wrote:
| Okay, I know I might be breaking some kind of HN rule here,
| but I'm super genuinely curious as to _why_ the downvotes
| here. Seriously. Is it "because people already know and I'm
| being condescending?" Is it "No, they shouldn't do this and
| instead allow the code to be censored?" Where are y'all going
| with this?
| ShamelessC wrote:
| > Don't want to be (too) condescending
|
| was what did it for me. basically claiming superiority
| prior to any actual engagement/discussion.
| jrm4 wrote:
| :) Fair.
| johnisgood wrote:
| I think it is also fair to expect them to know it without
| such reminders.
| tyingq wrote:
| #!/usr/bin/env bash
| API_URL="https://api.github.com/users/widevinedump/repos"
| for url in $(curl -s $API_URL | jq -r '.[].html_url') do
| echo "Cloning: $url" git clone $url done
| vmception wrote:
| If I wanted to save an important repo, I would run a command
| like this:
|
| ssh user@rsync.net "git clone --mirror
| https://github.com/widevindump/Netlix-4K-Script
| github/2021-12-27-widevindump_Netlix-4K-Script"
|
| ... which works because the 'git' binary is maintained on
| rsync.net and can be executed over ssh[1].
|
| [1] https://www.rsync.net/resources/howto/git.html
| gavinray wrote:
| Thanks
| rsync wrote:
| If I wanted to save an important repo, I would run a command
| like this: ssh user@rsync.net "git clone
| --mirror https://github.com/widevindump/Netlix-4K-Script
| github/2021-12-27-widevindump_Netlix-4K-Script"
|
| ... which works because the 'git' binary is maintained on
| rsync.net and can be executed over ssh[1].
|
| [1] https://www.rsync.net/resources/howto/git.html
| mindslight wrote:
| I'd delete this comment if I were you. The copyright
| cartels have ended lives for less.
|
| edit: I tried to keep it simple so that a null-edit would
| suffice to scrub the comment in question. But since I have
| to explain - the author runs the service for which they're
| providing instructions. This creates a straightforward
| argument that they intend their service to be used for
| storing forbidden files. Such "contributory infringement"
| is exactly how the copyright cartels have gone after
| youtube-dl, Popcorn Time, and many other general tools.
| [deleted]
| rsync wrote:
| Oh, dear god please, _please_ sue us.
|
| The exposure, the name recognition, the PR coup that this
| would be ... would dwarf every effort we have ever made
| _in over 20 years_ of trying to publicize our company.
|
| Seriously: If you work for any of these "aggrieved"
| content providers _and_ if you really want me to buy the
| Aspen house ten years early, _dear god please sue us_.
| mindslight wrote:
| And after years of litigation, when your well-paid
| counsel tells you that you're going to lose and the
| practical path forward is to sign a settlement agreeing
| to scan users' files for forbidden ones? IANAA but this
| does seem to be the basic path that every cloud service
| gets sucked into.
|
| I wish I were wrong, but I've seen no indication that
| courts respect digital privacy the way that physical
| boundaries have come to be respected (eg the US's 4th
| Amendment) - if you have the ability to do something
| about possibly forbidden communications, then you will be
| forced to. Digital privacy rights feel at least a few
| decades off, and that's assuming the centralizers don't
| continue to successfully embrace-extend-extinguish.
| vmception wrote:
| I mirrored it and am not affiliated, so we can now flag
| their comment for their protection
| loeg wrote:
| ... what?
| eatbitseveryday wrote:
| You can fork and detach. Then it is no longer linked.
| bckr wrote:
| > You can fork and detach.
|
| I wonder if GitHub will volunteer your detached fork for an
| experiment in touching hard drives with magnets
| sydthrowaway wrote:
| I've often wondered how easy it would be for people in the scene
| to rip Netflix or others streaming content. Isn't it as simple as
| getting the URL of the video player element in the browser and
| using cURL or wget?
| alibert wrote:
| I think there is actually no challenge to rip them because
| everything streamed seems to be almost immediately available
| for download in the original bitstream format without any
| recompression (at least for 1080p content).
| saurik wrote:
| Netflix is not just like <video src="something I could put into
| VLC">... DRM is often said to be "broken by design" but it is
| an actual _thing_ you have to defeat, not some lie told to
| scare you away.
| alt227 wrote:
| It is, but the resulting files are encrypted. Hence this post
| being about exposing CDMs (Content Decryption Modules). These
| use decryption keys obtained through hacking or paying internal
| staff. Once the decryption keys are exposed like this then the
| content providers 'burn'; them and generate new ones meaning
| the process has to start over again.
| ordx wrote:
| I assume at some point Widevine plugin decrypts these files
| to display the actual video stream in the browser, correct?
| Why don't they capture already decrypted stream?
| 323 wrote:
| It depends. Today there are APIs which allow the actual
| decryption to be done directly on the GPU, while requesting
| the GPU to not allow the sharing/capturing of those
| decrypted images.
| kingcharles wrote:
| You are technically correct. The stupid thing about DRM is
| that the player has to download the decryption keys into
| the RAM of the player. All these players do is try to
| obfuscate the keys so they can't be accessed very easily.
| When you see these proper rips out there they are being
| done by groups who extracted a decryption key from the
| player and used that to unencrypt the stream.
|
| DRM is dumb. I used to work on DRM. It was dumb then, it's
| dumb now.
| e3bc54b2 wrote:
| That's why they now embed displays with verification
| modules. Basically whole stack from server to your display
| is a giant chain verifying you are not doing what they
| don't want you to do.
| GekkePrutser wrote:
| And see how well it works. 2 hours after airing
| everything is online. The only ones they're giving any
| hassle are legitimate consumers.
| malermeister wrote:
| This is a similar charade to airport security: It doesn't
| actually do anything but satisfy a bunch of suits and
| create some pointless jobs around it.
| Scoundreller wrote:
| Though often they get it wrong, like when I bought a
| movie off Apple and it errored when I screen mirrored to
| my dumb TV and it's back to piracy first for me.
| Scoundreller wrote:
| My thought is that the decryption and decompression are
| interlinked.
|
| So while it's relatively easy to get the raw stream, if you
| want to re-distribute it, you'll have to compress it again.
|
| With these leaks, you can get the compressed and decrypted
| files and re-distribute without any added compression loss.
|
| Maybe I'm wrong, but it's the only thing that makes sense
| to me.
| 0x0000000 wrote:
| No, because the video is protected with the Widevine DRM. You
| can't just curl a resource, you will not get a usable output.
|
| That said, it can't be all too hard as Netflix exclusives are
| all over the open seas.
| themitigating wrote:
| There's a software kit distributed in "the scene" that
| downloads and decrypts Netflix content
| waltbosz wrote:
| It's not that simple. The video files are chopped up into
| pieces for streaming, so what you would download (assuming wget
| would handle the stream) are thousands of tiny files. You could
| reassemble them with ffmpeg, but first you'd need to decrypt
| them. It's the encryption that these leaked scripts take care
| of.
| alufers wrote:
| Can we just stop the shitshow with DRM? I have NEVER encountered
| a TV show/movie that I could't rip using a torrent either on
| public p2p sites or a private tracker.
|
| But I have seen a lot of my non-technical friends and family
| having a degraded experience, who pay for their streaming
| services every month. It was either because they were using a
| browser or device which was deemed unworthy of full quality
| streaming by the mighty DRM authors. And now the poor users of
| the TB-X505X will also have a degraded experience.
| carlhjerpe wrote:
| You're mixing terms up, you don't rip using a torrent or any
| other p2p protocol. You download things.
|
| You know how Netflix only allows you to stream 1080p in most
| browsers? That's because they don't support the DRMs content
| providers use for high-res content.
|
| You'll see webrips all the time with 1080p because someone can
| just record their screen and call it a day, but the 4k content
| is harder since the DRM prevents everything on your system from
| recording it.
|
| Not sure if webrips are screen recordings or actually
| downloaded copies, but it doesn't really matter.
|
| I have subs for D+ and HBO Max, if they're using DRM I for sure
| don't notice and don't care about it, I use either the app on
| my TV or the app on my phone to Chromecast and it's flawless.
|
| While content not on these platforms that I've chosen to
| subscribe to requires me to go though more hoops to get the
| same experience.
|
| It's not that the torrent experience is shit, but things like
| synced subtitles can be hard to find (requirement when watching
| with most of my friends and family) for example.
|
| I'm part of a quite decent private tracker we'll call "TD" and
| while I have nothing bad to say about my experience there, I
| will say the things I pay for work better.
| kiwijamo wrote:
| > It's not that the torrent experience is shit, but things
| like synced subtitles can be hard to find (requirement when
| watching with most of my friends and family) for example.
|
| Try out subdl[1]. It can work out the correct subtitles to
| download (based on a hash of the movie file apparently) and
| usually works well for me. I used to do this process manually
| but since trying out this tool I've been able to rely on it
| >95% of the time.
|
| Don't assume the subtitles provided by the paid service are
| good quality. I've on a few occasions been unsatisfied by the
| subtitles provided by Netflix, and checked out subtitles from
| other unofficial sources to find these are much better. This
| is especially true for foreign language subtitles--the
| translations Netflix has is really poor quality for some
| shows and much better ones can be found elsewhere. One
| excellent example of this is the German show 'The Same Sky'
| which has terrible English subtitles that actually makes the
| shows unwatchable. The only consistently good thing about
| Netflix subtitles is that the timing is more or less correct.
|
| Not sure about other streaming service as I don't generally
| use the others much.
|
| [1]: https://github.com/alexanderwink/subdl
| jorams wrote:
| It's astonishing how bad Netflix subtitles can be. Random
| example: the music during the intro of the show Suits is
| Ima Robot - Greenback Boogie. The English Netflix subtitles
| show the lyrics for the song, but they are obviously
| incorrect. Weirder is that they are incorrect in a
| different way every single season. Seemingly the subtitles
| were created by a different person every season, each of
| them starting from scratch, each of them having trouble
| understanding perfectly clear sentences, and nobody
| bothered to check anyone's work.
|
| Somehow the pirates get it right from the beginning, and
| consistently across all seasons.
| alufers wrote:
| Oh sorry, English is not my native language and I had to
| rephrase a few times, totally missed that.
|
| >You'll see webrips all the time with 1080p because someone
| can just record their screen and call it a day.
|
| I've checked my tracker and practically all TV shows from
| Netflix that are in 4K can be downloaded in 4K. And I am 99%
| sure they are not screen caps, for example the entire second
| season of The Witcher was released 17 December at 09:01, and
| my tracker had it ready to download at 12:26 at 4K with 3
| audio tracks and 2 subtitle tracks. The runtime of this
| season on imdb is about 8 hours, so it would be impossible to
| screencap, which means they had a bypass for the DRM ready
| ahead of time.
|
| Of course these are just examples that I made up and I would
| never enter or use such filthy and illegal websites.
|
| And for the mobile and smart TV experience there is Plex. It
| even has features which aren't possible with the legitimate
| services, such as "Watch Together" which allows you to watch
| stuff with friends over the internet.
| carlhjerpe wrote:
| All good on the English mate, just had to make sure.
|
| Netflix DRM might indeed be broken(I don't know), but I do
| get the purpose of it. Now only nerds in nerd communities
| can do illegal stuff in HQ then.
|
| Plex is great indeed, I might sub to a seedbox with shared
| account and set it up again some day, though I like the
| thought of using Jellyfin since it's open source.
|
| D+ supports group watch.
|
| I mean, if something is available on a streaming service
| the experience is good, but torrenting doesn't have to be
| as bad as it is for me (I don't run servers at home, and I
| don't want "server software" on my desktop either really).
|
| I just think we shouldn't complain that those who
| distribute content wants to protect it, even if the
| protection is subpar.
| Macha wrote:
| > D+ supports group watch.
|
| Even when the paid service supports it, they can add
| complications, for example. Amazon Prime group watch
| doesn't work between my Irish subscription and my
| friend's UK subscription even when the media is available
| in both regions.
| carlhjerpe wrote:
| Does group watch work across plex servers?
|
| I can see why they don't cover this edge case if I'm to
| be entirely honest.
| alufers wrote:
| Nope, but it's not a problem since a friend can use his
| account to log in to yours server.
| Macha wrote:
| My experience is with jellyfin, but without the
| complexities of cross region licensing + DRM, there's
| nothing forcing people in different areas to not use the
| same server
| carlhjerpe wrote:
| I mean I figured this would be the answer. But do you
| think It'd be that easy for someone that really want's to
| make this work? There are lawyers all over the place with
| or without DRM. The people who make the content don't
| want it to be spread across regions the "deliverer"
| didn't pay for, and then implementing this niche feature
| isn't worth it for the shows that exist cross region.
|
| What I'm saying is: People want to get paid, and if
| people don't get paid content doesn't get made. I don't
| like how this works either, but we must also understand
| that It's complex for that exact reason: Money.
|
| I'm not saying you're stealing since you're not taking
| anything from someone (Stealing a bike leaves one less
| left) but you're also not paying for something someone
| made for paying customers. As long as we have country
| borders this will be a problem only overcome by people
| who feel above the law and copy content illegaly.
| [deleted]
| kybernetikos wrote:
| Recently tried to play a streaming service film on a second
| screen from my phone, but it wasn't allowed. This makes no
| sense given that I can do it from my PC in the browser client.
| But then the PC isn't allowed to download video from the
| streaming service for offline viewing, while the mobile client
| is. When I travel, I'm often not allowed to view shows that I
| watch in my home country on the streaming service, even though
| I'm using my own account on the same machine.
|
| On top of all that, I worry that at some point one of the major
| services will arbitrarily cut off my access and any media I've
| 'purchased' will be lost. In the old days, your household
| insurance would pay to replace DVDs stolen or lost to a fire. I
| doubt that household insurance these days covers loss of access
| to google or amazon prime video, but the monetary value of
| these libraries could be enormous.
|
| It's all stupid. The big media companies killed the companies
| offering 'dvd locker' type streaming services, where you
| legitimately bought and owned the DVDs, but the company allowed
| you to stream them over the internet. That would have been a
| nice way of doing it.
|
| I find our descent into a culture where nobody owns anything
| but everything costs as much or more for temporary access as it
| did for ownership disappointing. Even people whose ideology
| praises property rights above almost all else don't seem to
| mind that they actually have those rights in fewer and fewer
| things of consequence.
| antihero wrote:
| It's such a chain - even if a distributer didn't want to use
| DRM, the buck will stop with a lawyer for the content owners
| who's job it is to do everything in their power to make sure
| their clients get paid for the content. Why would one of those
| make it easier to pirate?
|
| Corporate drone logic man.
| tgsovlerkhgsel wrote:
| Because they can sell more views if paying customers are
| happy.
|
| I refuse to pay for Netflix because even if paid I wouldn't
| be able to watch the content (including Netflix originals
| where the "rightsholders don't allow it" argument doesn't
| make much sense) in reasonable quality.
|
| Meanwhile, people can watch it from an unlicensed source
| without paying (legality varies by country but generally low
| risk for users), and as long as adblock works, the experience
| really isn't much worse than with Netflix.
| darkwater wrote:
| I'm all against DRMs but the friction nowadays is, if you
| stick to one platform, almost zero, way less than your
| average pirated experience. Now, if we talk about platforms
| balkanization and how you have to shell out 50EUR-$/month
| if you want to enjoy just the best content from major
| platforms, that's another topic.
| midasuni wrote:
| I agree it's really cheap. I know people spending three
| times that for some cable tv service which comes with
| adverts in the middle of programs!
|
| At some point streaming will devolve to that, and it will
| be back to torrenting as the content providers kill the
| goose that lays the golden egg
| tomxor wrote:
| Yeah, I don't know in what world DRM is supposed to stop people
| ripping stuff, it only seems to hurt paying users, ultimately
| if it comes out of a screen you can always capture the output,
| no amount of DRM will ever prevent this so why bother <insert
| conspiracy vs Hanlon's razor theories here> .
|
| The irony is that as a Linux user (only SD for us), and a user
| with poor internet and thus shitty streaming speed, DRM pushes
| me towards torrenting everything I "buy" from these platforms
| anyway, just for the privileged of being able to watch what i'm
| paying for without being a blurry over-compressed mess, without
| having my device rooted by a third party, and not needing to be
| blessed with a consistent high speed internet connection.
|
| I've said it before, torrenting today is as good as the
| experience of buying music on a physical medium in the 90s...
| you bought it, took it home, and played it in fully quality
| uninterrupted, END OF STORY. streaming services still haven't
| matched this experience.
| zbuf wrote:
| > no amount of DRM will ever prevent this so why bother
|
| There is a possible reason: insurance.
|
| Once insurers are involved it drives behaviours in media
| production that may at first not appear to make sense --
| protecting content in it's various forms leads into technical
| constrains however it can just as easily lead into "theatre".
| eadmund wrote:
| > ultimately if it comes out of a screen you can always
| capture the output, no amount of DRM will ever prevent this
|
| I think that the end goal for the media companies is to add
| watermarking to all media and require watermark detection on
| all video-recording equipment, to include cameras. This would
| be terribly bad, but I _think_ it is technically possible.
| Scoundreller wrote:
| Sell them some easily defeatable "solution". Use lots of
| buzz words. They'll buy it!
|
| They've been buying dreams long enough, may as well be the
| one that sells it to them.
| tux3 wrote:
| A practical problem DRM will always have is that the full
| DRM chain that tries to include everything in the path down
| to the cables, that involves too many actors not to break.
| Keys will inevitably leak left and right, and you'll always
| be able to find some sort of cable and capture card setup
| that ignores DRM.
|
| About the watermark scheme, if it was standardized for
| inclusion in any video-recording equipment, then the
| standard would leak and people would learn how to neuter
| it. Or people would flash their camera's firmware to patch
| out the detection code.
|
| There's simply too many places where the scheme cannot be
| secure, by design. It's hard to stop finding weak points in
| the DRM scheme.
| derekp7 wrote:
| The "paying users" is exactly the group that DRM is designed
| to hurt (control). There is a large class of users that won't
| mess with torrents or whatever for a number of reasons. Ones
| that apply to me are 1) I don't want my internet service cut
| if the ISP gets a complaint, 2) Yes, I know I can use a VPN
| service to get around (1), but then I'd have to find a
| trusted VPN and there have been ones in the past that were
| outed as honey pots. 3) You have to be part of the "scene" to
| work around (1) and (2). 4) I have some disposable income, so
| at this point in my life I don't feel a "sting" by paying 5 -
| 7 bucks a month for a streaming service. I'm sure that for
| other people, lack of familiarity with how to get content
| through unauthorized means.
|
| Now for the control that they want over users like me. If I
| could easily do it, I'd subscribe to one service, grab a
| bunch of content to watch later, then unsubscribe a month
| later and go to the next service in line. Also they want to
| control how I use the media, such as watching offline (by
| using the "download to watch later" button they provide, they
| can ensure that I don't download it to all my friends'
| devices, and that I still am a paying customer at the time I
| decide to watch later).
| therein wrote:
| They could achieve the same chilling effect on the "I'll
| just download it by using a chrome extension" crowd by
| having simple convoluted scheme in the way they retrieve
| the data. It isn't unseen, downloading them in chunks even
| is sufficient to throw these people off. Simple xor with a
| dynamic key with the decoding work done in WASM for more
| obscurity to throw the common downloader and reverser off
| would have the same effect without the intrusion into my
| computing device.
|
| But it is what it is really. Not really disagreeing with
| you.
| 5e92cb50239222b wrote:
| > torrenting today is as good as the experience of buying
| music on a physical medium in the 90s
|
| You meant to say "it's much better than buying experience has
| ever been". You throw an RSS feed into your torrent client
| _once_ and get desktop or email notifications when a new
| episode is downloaded and ready to play. If there 's enough
| disk space, you can add whole categories in there and have
| hundreds of shows available locally at any time.
| nsxwolf wrote:
| This is not a good experience. I cannot order a box like an
| Apple TV and just hook it up to my new TV and go. It's
| never as easy as anyone says it is, there's always more
| steps involved than logging into iTunes and/or subscribing
| to some service with my credit card. Plus there's always
| the chance of a lawsuit hanging over my head.
| y4mi wrote:
| For a tech illeterare person maybe. using `docker-compose
| up` to start a preconfigured sonarr, radarr, transmission
| with VPN , Plex or jellyfin is almost all you need. the
| only addition is getting a VPN service such as mullvad...
| If that's too involved for a software developer I'd call
| that person pretty incompetent, honestly.
| bitexploder wrote:
| You got downvoted but once setup it really is easy. We
| have a little VM with deluge and a VPN. Couple little
| IPTables rules ensure it can't even route traffic except
| over the VPN interface or the one VPN endpoint, making
| sure no traffic leaks. I'm more worried I'll stub my toe
| and it will hurt than my traffic leaks. I showed my wife
| how to use it, no problem. Sketchy browsing happens with
| Guacamole and a browser in a (separate) VM that wipes
| itself every few days.
| meepmorp wrote:
| > using `docker-compose up` to start a preconfigured
| sonarr, radarr, transmission with VPN , Plex or jellyfin
| is almost all you need.
|
| That "almost all you need," is exactly why I'd rather
| just plug in an Apple TV. I'm not technically
| incompetent, I just have better things to do with my
| time.
| simfree wrote:
| Jellyfin's Syncplay and Roku app work as well, making
| group video watching easy
| firethief wrote:
| I have an Android TV and streaming subscriptions. If I
| want to stream something I have to find out what service
| carries it, open the right app, and attempt to type the
| title with the arrow keys on the remote. For me, it's
| much easier to torrent.
| ALittleLight wrote:
| Plus, it's free.
| wernercd wrote:
| Or, you get a small server and download a package... with a
| little finangaling, you have a service that will catalog
| shows and movies you want to watch, download them, sort
| them and push them to your own private "netflix" server ala
| Plex.
|
| https://github.com/sebgl/htpc-download-box
|
| put it behind a VPN (included) and bam... all your stuff,
| globally gotten and none of the BS with "Wildvine" and it's
| ilk.
| majormajor wrote:
| How do you carry it around?
|
| The torrenting experience IMO is still fairly limited
| compared to either the BluRay experience for "max quality"
| viewing at home (but with easy portability of the disc too)
| or the "play it anywhere you're logged in without being tied
| to a particular device or hard drive" experience of
| streaming. When it comes to movies, you can often get both of
| those with a single purchase, too!
| Retric wrote:
| BlueRay sucks for portability their quiet fragile needing a
| case of some sort, you p need a player, and you quickly get
| to the point of having multiple CD cases worth of disks.
| Compared to the disks USB drives win, if your talking a
| player you might as well just take a tablet or laptop with
| multiple movies, and external drives hold as many movies as
| those CD cases while being far more convenient.
|
| As far as I am concerned BlueRay loses on all fronts.
| marcodiego wrote:
| You're mixing up things. DRM goal is not to prevent copies, its
| goal is to give media producers control over the distributors.
| CorrectHorseBat wrote:
| Care to elaborate? What are they gaining from that?
| wnevets wrote:
| I'm assuming the commenter you replied to is talking about
| the fact legitimate distributors usually follow the law.
| They're going to pay the large sums of money instead of
| breaking the DRM.
| mook wrote:
| But they would be paying the same money without the DRM
| too; they're paying to be legitimate, regardless of
| whether the DRM is there.
| marcodiego wrote:
| Giant media conglomerate says to Big distributor:
| - Hi distributor! Do you want to distribute our content?
| You just have to make sure players will have this list of
| anti-features.
|
| Big distributor says to manufacturer: - Hi
| manufacturer! Do you want to play the content we
| distrubute? You just have to make sure your TV's will have
| this list of anti-features.
|
| And here we are.
| monocasa wrote:
| Yep, like the unskippable ads on legitimate DVDs, where
| you couldn't be certified if you made a DVD player that
| let you skip those video files like all the others on the
| disc, and you couldn't legally make an uncertified player
| because of the DRM.
| marcodiego wrote:
| Exactly. Like consuming content from another region,
| having a personal backup copy of content we legally
| bought, like re-selling content we legally own, like
| recording and replaying transmission from
| "terrestrial"/"over the air" TV, like making our own
| devices capable of playing that content...
|
| These are all rights that (AFAIK, IANAL) we legally have
| but can't exercise because media producers took the
| control over distributors of content and devices
| manufacturers.
|
| We have nothing equivalent to a VHS recorder where can
| simply press a button, recording whatever is on TV to a
| removable media and play it anywhere else! We can't even
| buy a non-smart (actually calling it smart is dumb) TV
| for a reasonable price anymore!
|
| Video rental stores are all closed where I live. Media
| consuming has degraded to before 90's experience.
| genewitch wrote:
| >We have nothing equivalent to a VHS recorder where can
| simply press a button, recording whatever is on TV to a
| removable media and play it anywhere else! We can't even
| buy a non-smart (actually calling it smart is dumb) TV
| for a reasonable price anymore!
|
| to the first part, some of the "antenna to HDMI" boxes
| let you plug in an SSD, and will let you have a
| "recording loop" like a DVR, and also let you DVR
| scheduled shows. If you then take that drive and plug it
| in to a computer, it will have files that open with
| VLC/mpv/mplayer/whatever.
|
| And to the second part, I used a large monitor as a TV
| for a long while, and my primary screen is a projector,
| both of which are just dumb "bits to nits" devices. The
| downside is having to have external speakers.
| marcodiego wrote:
| > to the first part, some of the "antenna to HDMI" boxes
| let you plug in an SSD, and will let you have a
| "recording loop" like a DVR, and also let you DVR
| scheduled shows. If you then take that drive and plug it
| in to a computer, it will have files that open with
| VLC/mpv/mplayer/whatever.
|
| What you probably will not find is one of these devices
| with support for netflix. No big name brand offer this
| feature. Probably not supporting this feature is required
| to get permission to support netflix.
|
| > And to the second part, I used a large monitor as a TV
| for a long while, and my primary screen is a projector,
| both of which are just dumb "bits to nits" devices. The
| downside is having to have external speakers.
|
| Yes. No "integrated" set. TV's now are locked down
| computers which take as much control away from the owner
| as possible.
| CorrectHorseBat wrote:
| But what are they gaining from that?
| marcodiego wrote:
| Among other things, they remove competition.
| rolph wrote:
| i think you have something here.
|
| if DRM is at least stifleing competition, thats antitrust
| brewing up
| pengaru wrote:
| > But I have seen a lot of my non-technical friends and family
| having a degraded experience, who pay for their streaming
| services every month.
|
| That's a feature, not a bug, from the perspective of those
| pushing DRM and other access/consumption controls onto
| consumers.
|
| How many times will someone buy the same content just to find
| the best combination across all their services and devices to
| fit their current arrangement? A hell of a lot more than if
| they just bought a universally playable instance of maximum
| quality that never gave a poor experience in any viewing
| context.
|
| It's an ugly, exploitive rent-seeking form of "worse is
| better".
| arbitrage wrote:
| Your experience is not important. You've already bought into
| the ecosystem. DRM allows someone else to make money. Your
| comfort, or the comfort of like three people you happen to
| know, neither loses nor gains a capitalist money.
|
| Your discomfort is literally the last thing anyone cares about,
| and will not make DRM go away.
| remus wrote:
| Case in point: I can't listen to spotify on my laptop if I've
| got my external monitors plugged in via USB-C. Not a problem
| with MP3s of course.
| karmakaze wrote:
| I've never had this issue. Spotify (on Mac) uses the
| computer's sound output setting (laptop speakers or monitor),
| unless you choose another destination with the Spotify
| 'device' option.
| Nextgrid wrote:
| Presumably there's something incompatible with how the
| Spotify client plays audio and how his system handles audio
| playback. His point still stands though - with MP3s he can
| use an alternative player, with Spotify he can't.
| midasuni wrote:
| I use an ncurses Spotify client (I forget what) or a web
| browser to listen on my computer (normally I do it on the
| phone and airplay to the required speakers). Never had an
| issue.
| karmakaze wrote:
| My problem with Spotify isn't the DRM, since I use it
| mostly to play either background music or find different
| things to listen to--like I used to use satellite radio.
| The problem with Spotify is that the artists (for the
| most part) get so little while providing the content.
| 323 wrote:
| > _The problem with Spotify is that the artists (for the
| most part) get so little while providing the content._
|
| That's because there is too much supply of music.
| Attention is the scarce thing today.
| marcodiego wrote:
| I don't care about downloading anything. Does it allow me to
| watch netflix without the need of proprietary software?
| charcircuit wrote:
| source available software can still be proprietary
| marcodiego wrote:
| Can't ffmpeg/gstreamer/whatever just use the keys?
| m3nu wrote:
| It seems to use ffmpeg and aria2. :-)
|
| So the repo is a bit like youtube-dl in that it puts the
| pieces together and finds the right links.
|
| https://github.com/widevinedump/WV-
| AMZN-4K-RIPPER/tree/main/...
| thrwn_frthr_awy wrote:
| I don't care about downloading anything either. Does it allow
| me to watch Netflix at the resolution I pay them for?
| unbanned wrote:
| Dunno who the person linked by that miimoji thing, but I hope
| they have a good lawyer
| [deleted]
| brutal_chaos_ wrote:
| https://github.com/widevinedump/NETFLIX-DL-6.0 seems to have just
| been replaced with https://github.com/widevinedump/NETFLIX-
| DL-6.1.0
|
| Due to a bad connection the 6.0 clone didn't finish. So,
| naturally, I tried again and was receiving a login prompt....so I
| go to the URI in a browser and ... 404. But the 6.1 repo was
| available...
| widevinedump wrote:
| An IPFS Mirror of all the repos of the GitHub account.
|
| https://cloudflare-ipfs.com/ipfs/QmWPo4VqWwrdU3A7fm9Ze3Qm31D...
|
| For example: ``` git clone http://cloudflare-
| ipfs.com/ipfs/QmWPo4VqWwrdU3A7fm9Ze3Qm31DH... ```
|
| To pin and help seed on your local IPFS node ``` ipfs pin add
| /ipfs/QmWPo4VqWwrdU3A7fm9Ze3Qm31DHBz4bZPNeFPojS8huSg ```
| Cloudflare IPFS can be replaced with other ipfs nodes like
| dweb.link or your local one.
| garblegarble wrote:
| The repo readme is pretty telling - this is being leaked to force
| this particular key to be blacklisted, I guess one group annoyed
| with others and wanting to cut off their access (and presumably
| the leaking group already has other L1 keys so doesn't fear this
| key being burned...)
| betterunix2 wrote:
| There is something amusing about weaponizing the key revocation
| process like this...
| hatware wrote:
| Everything about it is fascinating. These people all have day
| jobs yet they provide a better experience than the multi-
| trillion dollar corporations that are releasing the product
| in the first place.
| londons_explore wrote:
| These people probably all have day school... I think most
| people who get past school age tend to retire out of this
| crowd of people...
| hatware wrote:
| Are you implying that young adults are more responsible
| for the state of piracy today than adults? I don't see
| that at all.
| dijit wrote:
| I feel like I have to defend the parent here. My
| experience in the nulling/warez/pirating community is
| that it _tends_ to be young adults doing the majority of
| the work and mostly they do it for kudos and not monetary
| benefit.
|
| Adults might be giving them the kudos, but the hard work
| (again, in my experience) is young adults, of school age.
| hatware wrote:
| Young adults aren't breaking into streaming devices to
| extract the CDM keys. They also aren't running trackers
| like Orpheus and Redacted. Those are small examples, but
| I'm not sure I understand how young adults would ever
| have the mobility and network to do these things.
| selfhoster11 wrote:
| They are. Plenty of them are more than talented enough
| for it.
| betterunix2 wrote:
| George Hotz (geohot) was a teenager when he cracked the
| iPhone and was 20 when he cracked the PS3. So...yes,
| young adults certainly can extract keys if they have the
| time and motivation, and being young adults they often
| have plenty of time on their hands.
| floatingatoll wrote:
| Er, you may not have been a young adult with l33t
| hardware hacking skills, but others were.
| rolph wrote:
| these young adults havent learned the utility and
| nessecity of anonymity
| monocasa wrote:
| A lot of them started as young adults, but the scene has
| been going on for over 20 years. Some people quit over
| time, and some other joined as they got old enough to
| contribute, but I wouldn't paint with as wide of a brush
| as you're doing.
| Commodore63 wrote:
| It was definitely the case for me! I aged out of warez
| when I got a full time job.
| jorvi wrote:
| I think the warez 'golden age' was 1995-2015.
|
| Before that most of the protections were just not that
| severe (and thus interesting), and after 2015 Steam,
| Netflix and Spotify severely stemmed the influx of people
| being exposed to piracy and thus potentially going deeper
| into the culture.
|
| Tangentially related but I think that's also why in a
| strange way the advent of the smartphone and other
| 'curated technological experiences' has lowered computer
| literacy for the average person born after ~1995.
| Wiseacre wrote:
| I would just like to point out that this is a forum
| called Hacker News.
| tyingq wrote:
| I also noticed it provides part of the functionality with a
| .pyc file, without including the normal python source. This
| one, for example: https://github.com/widevinedump/WV-
| AMZN-4K-RIPPER/blob/main/...
|
| I'd be a little leery of running that outside of a sandbox.
| charcircuit wrote:
| or they had the skills to just dump it again
|
| Edit: nvm I understood which key you were talking about. I
| would have replied, but I'm rate limited.
| garblegarble wrote:
| Ah, I thought L1 keys were burned into hardware, so
| blacklisting this key was effectively blacklisting a bunch of
| Lenovo tablets from accessing 4K HDR streaming?
|
| Edit: looks like I'm wrong about this, and the Widevine L1
| keys can be changed with a firmware update. There's an
| interesting breakdown of how it works on Qualcomm chips here:
| http://bits-please.blogspot.com/2016/04/exploring-
| qualcomms-...
| londons_explore wrote:
| Does this mean if I have a lenovo tablet that currently
| streams 4K, that it will lose 4K video support? Could I ask
| Lenovo for a refund?
| jeroenhd wrote:
| You should be able to ask Lenovo for a refund if you've
| bought the device with this feature in mind and if Lenovo
| advertised the ability to watch 4K on your preferred
| streaming service.
|
| If the device just happens to support 4k, you may be out
| of luck. You could try sueing the parties that are
| supposed to deliver the 4k content and have revoked the
| key, but I doubt you'll get much out of them.
|
| If you rely on DRM, the media industry has all the keys.
| You're left to their whims when it comes to content
| consumption, and there's very little you can do.
| nikanj wrote:
| Yes and yes. Lenovo probably doesn't give a shit, though.
| But you can ask!
| Scoundreller wrote:
| Depends on the country. Some do have some liability on
| manufacturers and/or vendors for defects. Unsure if an
| asterisk in their click through contract about key
| revocation would even matter.
| garblegarble wrote:
| I would think so (the repo suggests this is a Lenovo
| TB-X505X key, I'd imagine they're at least per-product).
| I could certainly be be wrong about L1 keys being burned-
| in, that was just my understanding of it (vendor docs say
| things like "Hardware DRM", but maybe I'm jumping to
| conclusions from marketing speak)
|
| The Widevine spec doesn't say either, it just says that
| all processing is within the Trusted Execution
| Environment, so I suppose the keys could be
| loaded/updated in firmware. I'm looking for more docs
| now...
|
| Edit: looks like I was wrong and they can be changed with
| firmware updates: http://bits-
| please.blogspot.com/2016/04/exploring-qualcomms-...
| alias_neo wrote:
| TEE is an environment with hardware backed attestation,
| you run a piece of software in the "black box" to do
| things like key generation etc.
|
| My educated guess, having used TEE/TrustZone for keys is
| that they could update the payload (the "Trusted
| Executable") with a new one to resolve the issue.
| NavinF wrote:
| Would they release a firmware update with new keys though?
| If they can't fix the vulnerability, the new keys would get
| dumped just like the old ones.
| 2Gkashmiri wrote:
| the videos look interesting but i am on linux and this looks
| windows only. also, i need some background knowledge to get this
| working so i could not retry.
|
| a good attempt imo. if i had the time and the necessary technical
| competency, i would've loved to jump into it. for many years
| piratebay was my default homepage. now, lookmovie or vumoo gets
| my occasional streaming fix
| tyingq wrote:
| I imagine it's windows only because widevine on Linux is
| crippled for many services, like HBO Max.
| 2Gkashmiri wrote:
| well if the utility is merely breaking encryption on the url,
| it shouldn't matter what the host is? right?
| tyingq wrote:
| Ah, perhaps. I didn't look to see how it works, if it
| requires the widevine binaries, certificates that come with
| it, etc.
| wcarss wrote:
| A pile of .exes and compiled python code like this, especially
| with such a targeted audience, seems like a great vector to
| potentially own a lot of people's boxes.
| mehdix wrote:
| This was my first though as well, but not everything is in
| compiled form. For example see `bad34.py` in the Paramount-
| Plus-4k-Downloader repository.
| [deleted]
| bogwog wrote:
| > Hi! My name is WVDUMP. I am Leaking the CDM to burn it & punish
| few idiots that think themselves as dicord lords :smile:
|
| Why do so many people doing illegal/shady shit online use
| Discord? You might as well be using Facebook at the point.
| agilob wrote:
| Before Discord they were using IRC which was printing your IP
| address (or reverse DNS) when joining a channel.
| kuroguro wrote:
| IIRC quite a few botnets used to use public IRC channels as
| C2 servers (also a pretty bad idea).
| bogwog wrote:
| At least with IRC you can use a VPN and self host a server.
|
| Discord can, and is highly incentivized to, identify and
| track you across the internet.
|
| Idk if they do this, but it shouldn't be that hard in this
| day and age to build a profile on users based on messages and
| activity. That can be cross referenced with other sources of
| data to identify you, especially if it's done manually by
| like an FBI agent or whatever.
| LinuxBender wrote:
| The IRC networks I used did not block VM's and rented servers
| from proxying my connection or using an IRC client from a
| tmux/screen session. Back then I could use visa gift cards to
| rent machines. That is harder to do now.
|
| Discord in most cases will prevent people from doing this.
| Most people should be ready to click all the crosswalks,
| buses, traffic lights forever in a loop.
| Strom wrote:
| > _You might as well be using Facebook at the point._
|
| There is a lot of illegal activity being organized on Facebook
| too. Especially in non-English. In the short term and at scale,
| that is as good as encryption.
| NaturalPhallacy wrote:
| They're also authoritarian and poisonously woke.
| ronsor wrote:
| They use Discord for illegal stuff because they already use it
| for tons of other things. Sure it's a bad idea, but they don't
| care (and with all honesty, Discord support doesn't seem to
| either).
| BTCOG wrote:
| Discord - a lack of agreement or harmony
|
| Synonyms for discord
|
| conflict, disaccord, discordance, discordancy, disharmony,
| dissension (also dissention), dissent, dissidence,
| dissonance, disunion, disunity, division, friction,
| infighting, inharmony, schism, strife, variance, war, warfare
|
| Seems pretty fitting? :)
| 323 wrote:
| Am I correct that homomorphic encryption will solve the DRM
| problem, in the sense that it will be mathematically proven (in
| the cryptographic sense) to be impossible to bypass?
|
| Of course, you'll still be able to cam-record the actual output,
| or steal the image from the TFT/OLED electronics, but no easy
| bypass.
| smoldesu wrote:
| The issue is that the image will _always_ exist in a decrypted
| state if you 're presenting it to the user. You can push that
| decoder further and further down the pipeline, but there's
| always a clean framebuffer to rip, no matter how you frame it.
| Yes, they could make it _harder_ , but I could also design an
| Arduino that dumps the serial output of your decoder before it
| reaches the display controller. It would take some borderline
| space-age technology to design an IC resistant to that sort of
| vuln.
| unnouinceput wrote:
| You are wrong. An encryption, any encryption, needs a key for
| decryption process. If the client is given that key then it can
| decrypt and rip the content. If the client is not given the key
| then how will they legally watch it since they paid for the
| content anyway?
|
| As a rule of thumb, anything that was made by humans can be
| unmade by humans. All you can do is make the pirate life
| harder, but never impossible.
| [deleted]
| natdempk wrote:
| Does anyone know what CDM stands for or refers to? Saw the
| acronym mentioned in a lot of the repos.
| Tobu wrote:
| Content decryption module:
| https://en.wikipedia.org/wiki/Encrypted_Media_Extensions
|
| A component that decrypts streams locally, which DRM makers
| intend will be restricted enough to not leak the keys it uses.
| natdempk wrote:
| Thanks for the explanation. So it seems like these repos are
| just scripts to download content and decode it once you have
| a CDM then? Seems like the actual CDMs here are ripped from
| devices and not actually included in this leak from a cursory
| glance.
|
| Edit: Yep this is what is happening, but there is an L1 CDM
| in the Lenovo repo. I should read the article before jumping
| in to the comments/code. :)
| [deleted]
| [deleted]
| cute_boi wrote:
| Haha, I chuckled when I saw that bandicam logo.
| BTCOG wrote:
| We really need real, ownable media. While I understand that even
| "owning" a disc 20 years ago was considered a license and not
| ownership, let's call it what it is for these intents and
| purposes here. I want to own my music, I want to own my movies
| and I do NOT want to essentially rent them and have them
| revokable. Same goes with games. I'll continue to pirate the
| videos and music as I see fit and continue to play emulated N64,
| PSX, etc games that are full copies of unchanging code. I don't
| want my collections to need an internet connection. The cloud is
| a fad that needs to die. I know many here like cloud, but it's a
| trap. Anyway, just my thoughts. I'll check out these tools if
| they're still up on the 'hub.
| from wrote:
| I did one of these for Hulu (https://github.com/chris124567/hulu)
| a while back. It didn't take very long to write. Most of these
| programs are just using the pywidevine library along with some
| key that's been leaked (if you know how to navigate Github search
| you can find one in a couple of minutes) and then integrating the
| streaming site's API. I wrote mine in Go because I got sick of
| the pywidevine hegemony and I felt it was unnecessarily
| complicated. The annoying thing is that key revocations are
| happening pretty frequently now. It's another one of those
| pointless cat and mouse games.
| specialist wrote:
| I just want to control the viewing experience, not hoard warez.
|
| Effortless rewind, skip filler (car chases, sex), play at x1.25
| speed, etc.
|
| aka the "Blu-Ray experience".
|
| If that means I gotta bypass the DRM and download, so be it.
|
| --
|
| Some shows have my complete rapt attention. I'll keenly watch
| (and rewatch) every single frame. Like Netflix's Maniac. OMG. So
| frikkin good. (So many other examples.)
|
| Other shows, especially rewatching a series, I just want to focus
| on the character development, dialog, and plot points.
| [deleted]
| searine wrote:
| FYI There is a great chrome extension that allows you to
| control playback speed, and it works on just about every video
| site.
| mtsr wrote:
| Similar extensions exist for Firefox as well.
| JZL003 wrote:
| On my phone so can't respond fully but if you select the
| <video> element in chrome and Firefox, you can control the
| .playbackRate attribute. Extensions can be useful but also
| abused, this is simple enough to do with a bookmarklet or
| manually
| specialist wrote:
| I'm interested. Link? I'll mosdef try it.
|
| For whatever I reason, I have to use Firefox to watch
| Disney+. (Mac Safari will always eventually ABEND. Shouldn't
| Apple regression test Safari on the Top X most popular
| sites?!)
|
| As for spotty rewind, like with Netflix, another comment
| might have the explanation (root cause); streams are broken
| into individually encrypted chunks. So of course there's lag
| (latency) when jumping around the timeline.
| rishimaharaj wrote:
| This is the one that I use to control video speed pretty
| much anywhere (works on any Chromium based browsers):
| [Video Speed Controller](https://chrome.google.com/webstore
| /detail/video-speed-contro...)
| ramraj07 wrote:
| Who the hell skips car chases? What movie had a car chase that
| you wanted to skip that made that movie more watchable (this
| sentence applies to the furious films as well, skipping the
| chase scenes there gives you the dumbest drama of all time).
| LinuxBender wrote:
| I skip most of them. This is just my own personal preference
| but unless someone comes up with a new angle on this they are
| just boring and repetitive for me personally. The same goes
| for most fight scenes. I spent many decades watching martial
| arts films and now find most of the fight scenes to be
| repetitive. The only _recent_ exceptions to this I can think
| of are the Bourne series, Kate and the first John Wick film.
| Prior to those, Kung Fu Hustle because of the mixed in comedy
| and thousands of movie references. Nothing else really comes
| to mind that I wouldn 't skip.
| cdubzzz wrote:
| Check out Atomic Blonde as well (for good fight scenes).
| There is a certain style of exhaustion about the fights in
| that film that I really love. I don't skip fight scenes
| regularly but I do also find most of them boring as hell
| and hard to watch (primarily because of excessive cutting).
| odiroot wrote:
| As a counter example, I watch Bullitt just for the car chase.
| mongol wrote:
| Yes but is not Bullit the original "car chase" movie?
| odiroot wrote:
| For a moment I thought The Italian Job (the original one)
| was first. But you're right, Bullitt is older by a year.
|
| Bullitt was definitely unmatched for a long time.
| cf100clunk wrote:
| The "Highway Patrol" TV series of the 1950s was a
| precursor of the car chase genre, as were some notable
| film noirs that elevated car pursuits as story lines i.e.
| High Sierra, White Heat. Agreed that Bullitt is
| exemplary, but don't forget The French Connection, Duel,
| Easy Rider, Two Lane Blacktop, and Vanishing Point and
| you have some great car/bike films of Bullitt's era. The
| hoaxy C'etait un Rendez-vous is likewise great if you
| don't do the time/distance math.
| boardwaalk wrote:
| Car chases are often filler like action scenes in general are
| filler, IMO.
|
| It's not universally true and depends on how consequential
| the scenes are. If you could flash "<insert fight scene here
| where X gets the upper hand>" instead and not miss much, I
| don't want it.
|
| Movies with top, top notch action and/or better integrated
| action are exceptions. The original Matrix, John Wick movies,
| Baby Driver, The Italian Job, Mission Impossible, etc.
|
| Superhero movies are usually not (it feels like they paste
| the drama and the action together in editing and it's
| dreadful).
|
| > (this sentence applies to the furious films as well,
| skipping the chase scenes there gives you the dumbest drama
| of all time)
|
| Well, yes, and I don't watch those movies :d.
|
| (I don't actually skip these car chases, but I do often zone
| out.)
| 29athrowaway wrote:
| It is not the fact they are a car chase but their relevance
| in the story.
|
| Personally when I rewatch the Back to the Future trilogy, I
| skip much of the car chasing stuff.
| specialist wrote:
| Yup. Just depends on the telling.
|
| "There are only two types of music. Good music and bad
| music." -- Duke Ellington.
| tyingq wrote:
| Imagining "Baby Driver" edited this way.
| specialist wrote:
| Exceptions to every rule, right? The car chases in Baby
| Driver are crucial to the story. So good.
| mysterydip wrote:
| I have sat through some movies _just_ for the car chases.
| orhmeh09 wrote:
| I think car chases are really boring, so I would. I also
| don't drive, so maybe car chases appeal more to drivers.
| 29athrowaway wrote:
| Fast and Furious 1 was a decent film that I enjoyed. I even
| have watched more than once.
|
| But the sequels are a different story. Those were unnecessary
| and absurd.
| marcodiego wrote:
| Meme scenes like "This is Brazil" and "The winner gets me"
| are icons of absurdity.
| m-p-3 wrote:
| I have the best possible experience by ripping my own Blu-Rays
| into my own Plex server, including all the languages, subtitles
| and commentaries. Easy to use, kids-friendly (no dirty fingers
| on discs), playable from anywhere, including offline with
| synced copies, and I don't pay a monthly fee to watch the
| content I already paid for.
|
| I wouldn't go back to subscription-based services, even if that
| means I have to wait for a disc release. At least there's a
| market for used Blu-Rays so I don't have to pay a fortune.
| dijit wrote:
| Do you have a guide for doing this?
|
| I think I killed my bluray drive but I'd consider buying
| another one if I can rip decent enough quality movies from
| them.
| jackson1442 wrote:
| Use MakeMKV to pull an MKV off the disc, then use Handbrake
| to compress it to a reasonable size. Relatively easy, just
| takes a bit.
| eatbitseveryday wrote:
| I thought blu-ray decoding was not possible. I remember
| long ago the DVD keys were extracted but it became
| impossible for blu-ray, except with a modified blu-ray
| disk drive with an older firmware that enabled this.
| m-p-3 wrote:
| IRRC they usually roll new master keys periodically,
| which normally requires a firmware update to get an
| updated set model-specific decryption keys, which I
| believe they can blacklist if the drive is compromised.
| Feel free to correct me on this, I'm a bit rusty on the
| matter.
|
| I haven't bought new movies lately, but I've been able to
| rip all the blu-rays I currently own with my old Blu-Ray
| drive.
| doublepg23 wrote:
| I bought a "cheap" ($100 at the time) USB3 bluray player
| and it ripped discs fine - even on Linux. I believe
| MakeMKV has you install the necessary libraries for
| decrypting.
| eatbitseveryday wrote:
| I think I read (on an Amazon review for a specific LG
| blu-ray product) that updates to the firmware of new
| devices happened in 2016 and no longer allowed reading 4K
| commercial films from that medium. I'd have to try and
| see how to do it today.
| doublepg23 wrote:
| Assuming it's 1080p not UHD I'll often keep the MKV with
| how cheap storage is.
| jackson1442 wrote:
| I _think_ you can rip it to a 4K UHD mp4 but it's been a
| while since I've done this. Tricky part is really
| compatibility, not sure if some of the apps I use to
| stream from NAS support MKV.
| m-p-3 wrote:
| You can skip the MakeMKV part and directly encode through
| Handbrake if you add the required libraries (libaacs,
| libbdplus) in your Handbrake install directory and grab
| decryption key database (which I won't link here). You
| can do the same with commercial DVDs and the libdvdcss
| library.
|
| Then it's just a matter of opening the disc directly in
| Handbrake.
| MattPalmer1086 wrote:
| I've found MakeMKV to be much more reliable than
| Handbrake for ripping.
| m-p-3 wrote:
| In my case I could never get MakeMKV to recognizey blu-
| ray drive, even when running the program with admin
| privileges.
|
| And why run MakeMKV then run the MKV in HandBrake if I'm
| going to transcode it to x265 anyway. At this point I'll
| do both at once.
| dijit wrote:
| > aka the "Blu-Ray experience"
|
| Have you actually used blu-ray or are you thinking about DVDs
| (and Blu-rays are a natural evolution in your mind?)
|
| Because, honestly, Blu-rays are atrocious.
|
| Every so often I actually buy a BluRay, not only to support the
| work but also because in the case of losing internet (but not
| power) I'd like to watch a small selection of carefully curated
| movies.
|
| I was in such a position 2 years ago, I had moved home and the
| internet had not yet been installed.
|
| Did you know that in order to play blurays on the Playstation 4
| (a Sony product, where Sony is also the maker of the BluRay
| spec _and_ it was even a Sony movie!) that the device must be
| connected to the internet to play bluray 's?? I didn't.. that
| was a shock.
|
| So I took to Linux, which... just couldn't play it...
|
| Why?
|
| The DRM keys could not be installed along with VLC (or
| something), after googling for half a day on my phones 4G to
| figure it out I ended up not significantly wiser and realised
| I'd been hoarding a bunch of useless plastic.
| specialist wrote:
| Busted. I conflated the two. Apart from the FBI warning and
| goofy one-off menus, I mostly loved DVDs.
| pm215 wrote:
| Thanks for the heads-up about ps4 bluray playing. Apparently
| (assuming reddit posts to be correct) the internet
| requirement is a one-time thing where it downloads codecs,
| and Sony is supposedly doing it this way so they only pay the
| codec licensing fee for ps4s whose owners ever actually play
| a bluray rather than for ever ps4 ever shipped. So I'll make
| sure to do a test bluray play and then fingers crossed if I
| want to watch something in future when the internet is out it
| will work...
| Fnoord wrote:
| Then half a day time could've been saved by having the PS4
| briefly connected to the internet via 4G.
| fishtacos wrote:
| Memory isn't quite what it used to be, but if I recall,
| this was also the case with the Sony PSP, Vita, PS3 and
| XBOX 360. They all required a separate activation step for
| playback of specific licensed codecs (I believe it was both
| MPEG2 and h264, varying with system).
|
| Unfortunate that a pretty basic piece of functionality is
| forever lost once the activation servers are taken down.
| salamandersauce wrote:
| Want something worse? Blu-ray constantly changes the keys as
| they get cracked/over time. If you don't have new keys you
| can't play new discs. Our first Blu-ray player stopped
| getting firmware updates and so stopped getting new codes.
| Became basically junk as who wants a Blu-ray player where it
| only can play films released pre-2012?
| charwalker wrote:
| That's probably why the PS4 needs internet, fresh
| keys/updates fetched when launching the disk.
| sergiotapia wrote:
| You might like vidangel, never used them though.
|
| https://www.vidangel.com/
| peanut_worm wrote:
| Can't you just record the screen or is there something preventing
| it?
| collegeburner wrote:
| Yes, HDCP is supposed to prevent though it is easily bypassed.
| tyingq wrote:
| I remember seeing an article showing that many (not all) of
| the HDMI splitters on AliExpress just disable the HDCP with
| no hacking required.
| tjoff wrote:
| The DRM (tries to) prevent it.
|
| You can also record the HDMI signal, which HDCP is supposed to
| guard against. But it was cracked even before it was being
| used/enforced. So now it only serves to create incompatibility
| issues and bugs for paying users. Even though it has been
| irrelevant for more than a decade.
|
| I guess the reason for why it still exist is because it
| prevents/hinders legal products to circumvent it, since that is
| against the law in many jurisdictions.
|
| Anyway, the downside of both solutions is that you have to re-
| encode the video, which will never be as good as the original
| source you get directly from streaming it. Though I'd imagine
| the difference is quite negligible. More effort though!
| phreack wrote:
| > So now it only serves to create incompatibility issues and
| bugs for paying users. Even though it has been irrelevant for
| more than a decade.
|
| Hey that's me! Every time I open a website that has DRM to
| the max like Spotify or Netflix, my second monitor goes black
| for like 10 seconds. Fun times.
| reaperducer wrote:
| Every now and then, my AppleTV will display a message
| stating that it can't play my home videos of my cat to my
| TV because the TV doesn't respect copy protection.
|
| I just restart the AppleTV and everything works again. I
| don't know what causes it, but it's been going on for at
| least five years across multiple AppleTVs, two televisions
| (Samsung and LG), and OS updates. But it persists, just
| like the AppleTV bug that kills all audio if I turn off the
| TV without turning off the AppleTV first. Again, the
| solution is to restart the AppleTV.
| tomc1985 wrote:
| > Though I'd imagine the difference is quite negligible. More
| effort though!
|
| Depending on your settings it's pretty visible. You'd need to
| reencode at a significantly higher bitrate to minimize
| quality loss
| nmkd wrote:
| Screen recording introduces generation loss.
|
| This method grabs the untouched video stream.
| no_time wrote:
| Your own hardware could in theory, watermark the output from
| the secure element. By ripping the original stream you get
| superior quality and no watermark. As long as it's not
| economically viable to serve every user a unique version of the
| stream of course.
| ocdtrekkie wrote:
| That's what Widevine prevents: It ensures the decrypted video
| is only available to proprietary devices and software which
| agree not to help you rip the video.
| lapinot wrote:
| At the end of the day you can always record the video buffer
| in some way or another (hdmi capture device, etc). The
| problem is that screen recording isn't what you want: it's
| lossy because you'll re-encode the output of a lossy encoding
| (at comparable level). You always want an ultra high quality
| source for encoding (in comparison with your target quality),
| else you'll amplify artifacts. To not deteriorate the
| perceptual quality you'll have to do little lossy compression
| (ie big file size, much bigger than the original encode).
| ocdtrekkie wrote:
| > At the end of the day you can always record the video
| buffer in some way or another (hdmi capture device, etc).
|
| You actually cannot without an HDCP decryptor, which tends
| not to be sold in a lot of countries since it's primarily
| used illegally.
|
| The idea with encrypted video such as Widevine, is that any
| time it passes over an unapproved device (such as an HDMI
| cable), it is encrypted on it's way to a device authorized
| to decrypt the signal.
|
| Also, HDMI is a digital format, and you lose nothing in
| transfer over it.
| sdflhasjd wrote:
| > You actually cannot without an HDCP decryptor, which
| tends not to be sold in a lot of countries since it's
| primarily used illegally.
|
| They are trivially easy to buy online though
| danuker wrote:
| And this is why I do not pay any company engaging in DRM.
| londons_explore wrote:
| So this repo contains keys that are soon to be blacklisted, but
| for $150 you can subscribe to the leakers API which presumably
| has other keys and will decrypt one movie at a time for you.
___________________________________________________________________
(page generated 2021-12-27 23:01 UTC)