Commit Graph

253 Commits

Author SHA1 Message Date
rlaphoenix fa499a6a53 Improve verification of proto parsing across Cdm, RemoteCdm and Device
This ensures that a partially parsing input (because of optional flags in the proto) does not get past any verification checks.

This prevents issues like an invalid License Challenging from getting an exception later down the line, as well as possibility of it also passing that check by pure luck, resulting in hard to debug issues.
2022-09-05 12:49:27 +01:00
rlaphoenix 23c766af71 Cdm: Improve accuracy of OEMCrypto request_id research
The main change is that it isn't stored as 16-bytes. Effectively not stored like it realistically probably meant to be. It's instead stored as a hex string that was then encoded to bytes (32 data is now taken up).

But I've also improved the comments about my research for the first half of the request ID. This research is likely still incomplete as I'm just not fully sure about the randomness of bytes 5-8.
2022-09-03 19:43:31 +01:00
rlaphoenix 2af929a83d Cdm: Use reversed OEMCrypto request id formula for Android devices
It's effectively 8 random bytes with a counter thats right-padded (to 8 bytes). This counter is the Session number.
2022-08-21 22:39:26 +01:00
rlaphoenix 838df7c22b Set a unique number to each Session of each Cdm 2022-08-21 22:37:28 +01:00
rlaphoenix 9191e0258f Update Changelog for v1.4.1 2022-08-17 17:26:57 +01:00
rlaphoenix cabcc1c2c2 Bump to v1.4.1 2022-08-17 17:26:44 +01:00
rlaphoenix 077a3aa6be PSSH: Rework from_playready_pssh class method as normal method 2022-08-06 13:48:39 +01:00
rlaphoenix 0d13d4184b PSSH: Rework get_key_ids as key_ids property 2022-08-06 13:45:30 +01:00
rlaphoenix 1064c7953c PSSH: Rework overwrite_key_ids as set_key_ids method 2022-08-06 13:42:31 +01:00
rlaphoenix fc77f064ca Update Changelog for v1.4.0 2022-08-06 12:42:02 +01:00
rlaphoenix f30ca45550 Bump to v1.4.0 2022-08-06 12:41:46 +01:00
rlaphoenix 576d7212d5 Cdm: Privatize the sessions map even harder
This is to further discourage direct access to the sessions directly
2022-08-06 12:36:48 +01:00
rlaphoenix 4f32b4b790 RemoteCdm: Increase minimum supported server to v1.4.0 2022-08-06 12:36:48 +01:00
rlaphoenix 2e2b5d528a RemoteCdm: Improve API error handling 2022-08-06 12:36:48 +01:00
rlaphoenix 2179987986 RemoteCdm: Remove all uses of Session()
This is now possible because everything relating to an underlying session is now finally fully remote thanks to the changes surrounding the new get_keys() method.

Any client code still getting keys by accessing `_sessions` manually should be updated to use the get_keys() method.
2022-08-06 12:36:48 +01:00
rlaphoenix 665b77bd24 serve: No longer return keys in /parse_license
/get_keys should now be used after /parse_license call is made.
2022-08-06 12:36:48 +01:00
rlaphoenix 3499c0cf4d RemoteCdm: Implement get_keys() 2022-08-06 12:36:48 +01:00
rlaphoenix e4e109b9f3 RemoteCdm: Remove unnecessary parsing of license msg 2022-08-06 09:54:14 +01:00
rlaphoenix 1d606a9e54 Use Cdm.get_keys in license CLI command 2022-08-06 09:54:14 +01:00
rlaphoenix f36977ef19 serve: Improve type hinting on Cdms gotten from app["cdms"]
For some reason on PyCharm typing doesnt work normally here even though the definition is provided in _startup().
2022-08-06 09:54:14 +01:00
rlaphoenix dd1a355691 serve: Improve error handling on /parse_license 2022-08-06 09:54:14 +01:00
rlaphoenix 6eceaaf410 serve: Remote TODO that will not be done
We shouldn't really provide the derived context keys. There isn't any use to them outside of that specific license request and license response for which it was derived from. The only use to them would be to allow the client to decrypt the keys manually, which wont be necessary nor secure.
2022-08-06 09:54:14 +01:00
rlaphoenix bd62b8d131 serve: Provide key_type to get_keys as-is
There's no need for serve code to handle parsing of it when the Cdm code will do so better.
2022-08-06 09:54:14 +01:00
rlaphoenix 11a2358002 serve: Improve error handling on /get_license_challenge 2022-08-06 09:54:14 +01:00
rlaphoenix f2ed83205b serve: Provide license type to get_license_challenge as-is
There's no need for serve code to handle parsing of it when the Cdm code will do so better.
2022-08-06 09:54:14 +01:00
rlaphoenix 796cf7ffb0 serve: Improve error handling on /set_service_certificate 2022-08-06 09:54:14 +01:00
rlaphoenix 2c33af79df serve: Catch InvalidSession instead of manually ensuring session validity 2022-08-06 09:54:14 +01:00
rlaphoenix 93d9561fac serve: Use Cdm.get_keys() instead of accessing _sessions 2022-08-06 09:54:14 +01:00
rlaphoenix c73078b7a9 serve: Add /get_keys endpoint 2022-08-06 09:54:14 +01:00
rlaphoenix 2445297ae8 serve: Match endpoints with Cdm class methods 2022-08-06 09:54:14 +01:00
rlaphoenix 01416f6513 Cdm: Add a method to get keys from loaded license 2022-08-06 09:54:14 +01:00
rlaphoenix 60e3ef0201 Remove unused Container import from Cdm and RemoteCdm 2022-08-06 08:27:19 +01:00
rlaphoenix a1844fb195 gitignore: Exclude *.wvd for security 2022-08-06 08:21:30 +01:00
rlaphoenix 26d81a7bef PSSH: Allow crafting v0 boxes with just Key IDs
This is actually possible and in some cases necessary. While v0 boxes do not use key_IDs field of the PSSH Box, we can store the provided key_ids in the init data. E.g., Apple Music.
2022-08-05 08:31:14 +01:00
rlaphoenix 27a701aaea Cdm: Rework init_data param to expect PSSH object
A by product of this change is dropped support for providing a PSSH or init data directly in any form, that includes base64.

You must now provide it as a PSSH object, e.g., `cdm.get_license_challenge(session_id, PSSH("AAAAW3Bzc2...CSEQyAA=="))`

The idea behind this is to simplify the amount of places where parsing of PSSH and Init Data to a minimal amount. The codebase is getting quite annoying with the constant jumps and places where it needs to test for base64 strings, hex strings, bytes, and direct parsed PSSH boxes or WidevinePsshData. That's a ridiculous amount of code just to take in a pssh/init data, especially when the full pssh box will eventually be discarded/unused by the Cdm, as it just cares about the init data.

Client code should pass any PSSH value they get into a PSSH object appropriately, and then store it as such, instead of as a string or bytes. This makes it overall more powerful thanks to the ability to also access the underlying PSSH data more easily with this change.

It also helps to increase contrast between a compliant Widevine Cenc Header or PSSH Box, and arbitrary data (e.g., Netflix WidevineExchange's init data) because of how you initialize the PSSH.

It also allows the user to more accurately trace the underlying final parse of the PSSH value, instead of looking at it being pinged between multiple functions.

RemoteCdm now also sends the PSSH/init_data in full box form now, the serve API will be able to handle both scenarios but in edge cases providing the full box may be the difference between a working License Request and not.
2022-08-05 08:26:03 +01:00
rlaphoenix 2a87d55e20 PSSH: Add dump and dumps methods 2022-08-05 08:26:03 +01:00
rlaphoenix 76c7a402eb PSSH: Optimize how overwrite_key_ids works with the repeated field
We can clear a repeated field with `del field[:]` and overwrite an entire field with `field[:] = [b"123", b"456"]`. So we can reduce this down to a single call operation.
2022-08-05 08:26:03 +01:00
rlaphoenix 10fb954097 PSSH: Remove from_key_ids, use new() instead 2022-08-05 08:26:03 +01:00
rlaphoenix 9d7eaf4949 PSSH: Rework from_playready_pssh as a class method 2022-08-05 08:26:03 +01:00
rlaphoenix 0537c9666c PSSH: Add `new()` class method to craft boxes manually 2022-08-05 08:26:03 +01:00
rlaphoenix fc47bbb436 PSSH: Merge get_as_box into the Constructor
Also improves the code of it overall including documentation.

The _box class instance variable has been removed and the raw box is no longer kept.
2022-08-05 05:33:13 +01:00
rlaphoenix 1ea57865ad PSSH: Fix usage of WidevinePsshData's key_ids field 2022-08-04 09:46:30 +01:00
rlaphoenix f09a06857a Update Changelog for v1.3.1 2022-08-04 08:39:50 +01:00
rlaphoenix e4f6a23725 Bump to v1.3.1 2022-08-04 08:39:42 +01:00
rlaphoenix f21a21712b RemoteCdm: Improve Server Version testing
Some systems like Caddy or Nginx will prefix their own word to the Server header, e.g., `Caddy, pywidevine server v1.2.3` so I had to change a fair bit of the code to have wider compatibility across some unknowns that may occur with the Serve header.
2022-08-04 08:33:33 +01:00
rlaphoenix a1494a3742 Allow specification of Cdm device_type as string 2022-08-04 08:26:41 +01:00
rlaphoenix 5b13e1a689 serve: Don't require force_privacy_mode to be defined on config 2022-08-04 08:22:06 +01:00
rlaphoenix c9288dc391 Update Changelog for v1.3.0 2022-08-04 05:56:47 +01:00
rlaphoenix 7640d6fcab Bump to v1.3.0 2022-08-04 05:56:38 +01:00
rlaphoenix 3d794ad659 RemoteCdm: Implement /set_service_certificate 2022-08-04 05:54:15 +01:00