search

FoxRefire / wvg

Chrome/Firefox extension for pen-testing to retrieve encryption keys of Widevine protected content !DON'T DECRYPT CONTENT UNLESS YOU HAVE THE RIGHT TO DO IT!
GNU Affero General Public License v3.0
230 stars 54 forks source link

Bug in VdoCipher schemes #13

Open rgysoft opened 4 months ago

rgysoft commented 4 months ago

Hi, When using VdoCipher scheme and when executing "await js.corsFetch(..)"

[with Firefox] i have this error: "TypeError: tabs[0] is undefined" [with Chrom] i have this error: "TypeError: Cannot read properties of undefined (reading 'id')"

i checked url, headers (before js transformation), payload! all seems to be ok! thank you very mutch

FoxRefire commented 4 months ago

Could you edit popup.js like following and check log output? Also, if you unzipped the updated extension into the same directory, did you reload the extension?

window.corsFetch = (u, m, h, b) => {
    return new Promise((resolve, reject) => {
+       console.log("Debug:"+pageURL)
        chrome.tabs.query({ url:pageURL }, (tabs) => {
            chrome.tabs.sendMessage(tabs[0].id, {type:"FETCH", u:u, m:m, h:h, b:b}, (res) => {
                resolve(res)
            })
        })
    })
}
rgysoft commented 4 months ago

Could you edit popup.js like following and check log output? Also, if you unzipped the updated extension into the same directory, did you reload the extension?

window.corsFetch = (u, m, h, b) => {
    return new Promise((resolve, reject) => {
+       console.log("Debug:"+pageURL)
        chrome.tabs.query({ url:pageURL }, (tabs) => {
            chrome.tabs.sendMessage(tabs[0].id, {type:"FETCH", u:u, m:m, h:h, b:b}, (res) => {
                resolve(res)
            })
        })
    })
}

https://xxxxxxxxxx/subjects/441-%D8%A5%D9%8A%D9%82%D8%A7%D8%B8-%D8%B9%D9%84%D9%85%D9%8A/chapters/10059-tsjylt-lhss-lmjny-2023-2024/recordings/185020-31-10-2023-hsw-mjwny-ll-yqz-lmy-hs-mjny-hwl-mhwr-lhw/content

when i change code to this chrome.tabs.query({}, (tabs) => { and keep only the video tab, I can pass the error, so the problem is in utf8 caracters in url (arabic)

but unfortunately after doing this change the response is {'code': 2011, 'message': 'request unwrapping failed'} :( thank you

FoxRefire commented 4 months ago

I see. Could you check if it works with https://www.vdocipher.com/video-security/ ? If not, confirm if CDM you are using is extracted from a physical device.

rgysoft commented 4 months ago

I see. Could you check if it works with https://www.vdocipher.com/video-security/ ? If not, confirm if CDM you are using is extracted from a physical device.

same error {'code': 2011, 'message': 'request unwrapping failed'}, yes, CDM extracted from my phone, but probably blocked by vdocipher, I did too many tests before your script, and last error with other script is "{"code":2046,"message":"Authentication failed"}" that's weird all vdocipher video works well on my phone

FoxRefire commented 4 months ago

Hmm, Did you enable License blocking? Right-click --> Enable License blocking If enabled, an error message "Error 6007" should appear and the video will not play. Also, try setting Useragent to Firefox Linux. Someone reported that this worked on Amazon.

If this does not work, try the following:

  1. Enable License blocking
  2. Insert the line "print(payload)" after line 6 of VdoCipher.py
  3. Check the console, you will now get an unconsumed token.
  4. Check if the retrieved token can be used with vdochipher-dl
rgysoft commented 4 months ago

I tested that before, tested with unconsumed token (request blocking with fiddler) but always {"code": 2046,"message":"Authentication failed"}", I think my CDM is the problem, I will test with other fresh CDM when possible, thank you very much

FoxRefire commented 4 months ago

Could you send DRM Info screenshot on your phone? https://play.google.com/store/apps/details?id=com.androidfung.drminfo

rgysoft commented 4 months ago

Could you send DRM Info screenshot on your phone? https://play.google.com/store/apps/details?id=com.androidfung.drminfo

Screenshot_20240513-065133_DRM Info Screenshot_20240513-065145_DRM Info Screenshot_20240513-065149_DRM Info

FoxRefire commented 4 months ago

The screenshot shows a slightly older Android version, so perhaps that is the cause. Can you play the VdoCipher's video from this your phone itself?

rgysoft commented 4 months ago

The screenshot shows a slightly older Android version, so perhaps that is the cause. Can you play the VdoCipher's video from this your phone itself?

probably, yes all VdoCipher's video work fine in this device, thank you

Worz01 commented 2 months ago

The screenshot shows a slightly older Android version, so perhaps that is the cause. Can you play the VdoCipher's video from this your phone itself?

Im trying the Vdocipher demo page to test the ext, using a moto c plus(android 7.0) cdm but it doesnt fetch the keys. Theres no error per se, but the ext freezes and does nothing.

Not creating a new issue as this thread effectively highlights this.

Quick notes:

  1. vdocipher demo video doesnt play on the moto c plus. It needs an additional zen player to play.
  2. There is no problem playing the demo on my much older Samsung galaxy Note 4 Sm-N910 with Android 6.0.1 but I havent rooted(or vis-a-vis dumped cdm)it as that would reset my phone to factory settings.
Kruglianin commented 2 months ago

Hello @FoxRefire Is there any hope that the scheme will be able to work again? Thanks in advance.