Commit Graph

223 Commits

Author SHA1 Message Date
rlaphoenix 3a15c1050a Cdm: Fix context availability check in parse_license() 2022-07-30 03:11:21 +01:00
rlaphoenix 71a43a069d PSSH: Fix mistake in the doc-string of get_as_box() 2022-07-30 02:56:22 +01:00
rlaphoenix 0bfbbdccc3 Cdm: Return the service cert provider id instead of the cert
There's no need for the user to get back the verified DrmCertificate as they could easily get it themselves. Instead return the provider ID which may be more useful to get.
2022-07-30 02:50:22 +01:00
rlaphoenix d1974ad1fb Cdm: Improve parsing of service certificates 2022-07-30 02:44:34 +01:00
rlaphoenix 7078759cdf Remove uses of raw from CLI commands and serve 2022-07-30 02:29:20 +01:00
rlaphoenix 1cedba7e49 Cdm: Change param pssh to init_data
This is to signal what the Cdm really uses. Asking for a PSSH may sound like it uses a full PSSH when in reality all it cares for is the underlying init data (Widevine Cenc Header/WidevinePsshData).
2022-07-30 02:26:11 +01:00
rlaphoenix b5ac0f45a2 Remove Cdm raw param, Improve PSSH.get_as_box()
The Cdm no longer requires you to specify if it's raw or not thanks to changes in PSSH.get_as_box() now supporting both dynamically.

It will parse the data and if its not a box, it will use the provided data in a newly crafted box.
2022-07-30 02:21:19 +01:00
rlaphoenix 8f7cacb10a PSSH: Remove from_init_data()
This is unused and will soon be unnecessary.
2022-07-30 02:21:02 +01:00
rlaphoenix 676110c01e PSSH: Fix check of Cenc Header data in get_as_box() 2022-07-30 01:33:21 +01:00
rlaphoenix a3102ded18 Cdm: Verify Signatures of Security Certificates
This improves Cdm security and prevents a trivial exploit on Privacy Mode allowing an attacker to bypass Privacy Mode by controlling their own Public/Private Key Pair on Service Certificates.

The attack is simple in which you create your own RSA-2048 key pair, replace the public key of a service certificate with your own, and now you have the corresponding private key to be able to decrypt Encrypted Client IDs. This trivial attack is often used on CDM re-implementations, proxies, and APIs to obtain sensitive Device Client ID information.

With this commit this attack is prevented on this Cdm implementation, making it more secure from attacks. A signed DRM Certificate must be provided now as the ability to provide a direct DrmCertificate has been removed.

The root certificate added alongside this commit has no private key and cannot be used to re-sign an altered DrmCertificate.
2022-07-29 22:14:48 +01:00
rlaphoenix d9d8074f73 Extend functionality of migrate cmd to folders of wvds
This is so you can mass migrate devices instead of painfully one by one.
2022-07-29 19:29:39 +01:00
rlaphoenix fc9a290482 Device: Move structure revision notes next to the structures 2022-07-25 00:13:33 +01:00
rlaphoenix f63b94c31d Add ability to serve cdm devices remotely with serve command 2022-07-24 21:48:09 +01:00
rlaphoenix ac469383b8 Cdm: Validate License Message type in parse_license 2022-07-24 21:07:00 +01:00
rlaphoenix b081d66ca2 Update Development Status Trove classifier 2022-07-23 17:03:11 +01:00
rlaphoenix aaf2362634 Fix exclude pattern of license proto on DeepSource
Seems this ** way didn't work for whatever reason.
2022-07-23 17:00:27 +01:00
rlaphoenix 683c3360a5 Improve the Disclaimers, limit to 5 disclaimers 2022-07-23 16:36:11 +01:00
rlaphoenix 93cdc7f44e Remove f-string without expression, mute unused variable in Cdm 2022-07-23 16:29:28 +01:00
rlaphoenix 943968f2c7 Cdm: Remove the use of .format() in decrypt() 2022-07-23 16:26:09 +01:00
rlaphoenix 657f9357f2 Add various Credits to the README 2022-07-23 16:15:42 +01:00
rlaphoenix 7cc40e802f Link to the PyPI page on the Python ver. badge 2022-07-23 16:12:47 +01:00
rlaphoenix d62b718f6d Add nicer header to README, add badges 2022-07-23 16:11:55 +01:00
rlaphoenix 442a5c9fd6 Add DeepSource config file 2022-07-23 15:55:37 +01:00
rlaphoenix d72607b080 Update Changelog for v1.1.1 2022-07-22 21:21:41 +01:00
rlaphoenix 60bb779c59 Bump to v1.1.1 2022-07-22 21:20:37 +01:00
rlaphoenix e1532b1451 Fix optional --vmp argument to create-device command 2022-07-22 19:25:08 +01:00
rlaphoenix e1951d20d0 Update Changelog for v1.1.0 2022-07-21 17:32:14 +01:00
rlaphoenix 35abd2962f Bump to v1.1.0 2022-07-21 17:32:06 +01:00
rlaphoenix b262e115d3 Add ability to use Privacy mode on test command 2022-07-21 17:28:04 +01:00
rlaphoenix 95982725c3 Cdm: Support providing Service Cert as any 3 schemas
Some service's might provide the Service Certificate as a SignedDrmCertificate instead of a SignedMessage so I added support for supplying such format certificates. I also added support for supplying a DrmCertificate directly, though it's unlikely for a service to provide it raw without a signature like that.

The Service Certificate is now also stored as just the DrmCertificate internally, as it will not be using the signature.
2022-07-21 17:26:14 +01:00
rlaphoenix 70e79825b3 Device: Re-use magic reference across Structures 2022-07-21 16:23:19 +01:00
rlaphoenix f2174dfa72 Device: Blank flags on v1 WVDs when migrating
This flag was technically used before this project and to ensure it will be unused and ready for safe use in this project and on v3 (if/when), we should blank the flags.
2022-07-21 16:21:22 +01:00
rlaphoenix fe21bfe88c Fix migrate cmd's error handling, missing ValueError catching 2022-07-21 16:20:22 +01:00
rlaphoenix 93f70f73c2 Device: Fix header structure, should not be a constant 1 2022-07-21 16:19:52 +01:00
rlaphoenix 1442c945cc Move Migration Code to Device.migrate()
Also now more effectively migrates using the v1 Structure data.

Also fixes the migration error of possibly leaving behind VMP data. Will warn you if VMP data is already in the Client ID (if its different).
2022-07-21 16:10:42 +01:00
rlaphoenix a729648a34 Device: Reference Structures class within Device class 2022-07-21 15:49:17 +01:00
rlaphoenix 3d6ddb8dcd Device: Remove explicit deprecated key control flag
This flag was used before this project was made, never after. Therefore I do not need to actually take this flag slot as deprecated from the get-go.
2022-07-21 15:48:45 +01:00
rlaphoenix b41f09bee4 Device: Add v1 Structure for Migration 2022-07-21 15:42:17 +01:00
rlaphoenix db80776ac0 Device: Move the structure under a Structures class 2022-07-21 15:40:46 +01:00
rlaphoenix 02ca1b00c9 Fix year on release dates in Changelog 2022-07-21 14:08:07 +01:00
rlaphoenix 7b06a3c053 Add cmd to migrate older .wvd files to v2 2022-07-21 13:58:41 +01:00
rlaphoenix 14126c67b1 Remove doc-string about non-existent name argument 2022-07-21 13:34:12 +01:00
rlaphoenix 5e93d6321d Add cmd to create a new .wvd device file
It even adds VMP data to the Client ID blob directly (instead of storing possibly duplicated). It will warn you if the Client ID already had VMP data there.

The filename is generated from client id information and has a crc32 checksum to help avoid with conflicts.
The output directory is the current working directory. You can set the directory with -o/--output.
2022-07-21 13:32:13 +01:00
rlaphoenix 1f389dbab9 Device: Fix typo on `type_` in dump() 2022-07-21 13:09:53 +01:00
rlaphoenix ac4c8affb0 deps: Add unidecode 2022-07-21 13:09:33 +01:00
rlaphoenix f34018afe9 Bump to v1.0.1 2022-07-21 01:38:02 +01:00
rlaphoenix 8298703601 Add Changelog 2022-07-21 01:37:25 +01:00
rlaphoenix e20f251aae Cdm: Simplify Session ID
The whole Session ID based on some weird half buggy reverse engineering is completely unnecessary.
2022-07-21 01:33:09 +01:00
rlaphoenix a55aeb8cce docs: Remove outdated comment about Sessions
Sessions are technically implemented in a non-singleton approach, and the issue that provoked this comment has since been fixed (context data <-> license mismatch).
2022-07-21 01:19:10 +01:00
rlaphoenix 23165f92de Cdm: Fix bug where context data may not correspond to the right license
We are using a trick with the request_id to be able to add an identifier between get_license_challenge() and parse_license() without any middleman data needing to be passed by the user.

Otherwise the user would need to either create the context data themselves after get_license_challenge() and pass it to get_license(), or something that is similar at its core to that.
2022-07-21 01:12:28 +01:00