[BUG]: Decryption Needed, attempting to decrypt

[NKS1608]

Program version

5.0.3

Operating System

MacOS

Type

GUI

Service

Crunchyroll

Command used

./aniDL

Show ID

G3KHEVDJ7

Episode

13

Console Output

Download and save init part...
Init part downloaded.
10 of 342 parts downloaded [3%] (3s | 7.0Mb/s)
20 of 342 parts downloaded [6%] (3s | 8.0Mb/s)
30 of 342 parts downloaded [9%] (2s | 8.5Mb/s)
40 of 342 parts downloaded [12%] (4s | 5.2Mb/s)
50 of 342 parts downloaded [15%] (3s | 5.7Mb/s)
60 of 342 parts downloaded [18%] (3s | 6.1Mb/s)
70 of 342 parts downloaded [20%] (3s | 6.4Mb/s)
80 of 342 parts downloaded [23%] (3s | 5.3Mb/s)
90 of 342 parts downloaded [26%] (3s | 5.6Mb/s)
100 of 342 parts downloaded [29%] (3s | 5.9Mb/s)
110 of 342 parts downloaded [32%] (3s | 6.1Mb/s)
120 of 342 parts downloaded [35%] (2s | 6.3Mb/s)
130 of 342 parts downloaded [38%] (2s | 6.5Mb/s)
140 of 342 parts downloaded [41%] (2s | 6.6Mb/s)
150 of 342 parts downloaded [44%] (2s | 6.8Mb/s)
160 of 342 parts downloaded [47%] (2s | 6.9Mb/s)
170 of 342 parts downloaded [50%] (2s | 7.0Mb/s)
180 of 342 parts downloaded [53%] (2s | 7.1Mb/s)
190 of 342 parts downloaded [56%] (1s | 7.2Mb/s)
200 of 342 parts downloaded [58%] (1s | 7.3Mb/s)
210 of 342 parts downloaded [61%] (1s | 7.4Mb/s)
220 of 342 parts downloaded [64%] (1s | 6.7Mb/s)
230 of 342 parts downloaded [67%] (1s | 6.8Mb/s)
240 of 342 parts downloaded [70%] (1s | 6.9Mb/s)
250 of 342 parts downloaded [73%] (1s | 7.0Mb/s)
260 of 342 parts downloaded [76%] (1s | 7.0Mb/s)
270 of 342 parts downloaded [79%] (1s | 7.1Mb/s)
280 of 342 parts downloaded [82%] (1s | 7.1Mb/s)
290 of 342 parts downloaded [85%] (0s | 7.2Mb/s)
300 of 342 parts downloaded [88%] (0s | 7.3Mb/s)
310 of 342 parts downloaded [91%] (0s | 7.3Mb/s)
320 of 342 parts downloaded [94%] (0s | 6.8Mb/s)
330 of 342 parts downloaded [96%] (0s | 6.8Mb/s)
340 of 342 parts downloaded [99%] (0s | 6.9Mb/s)
342 of 342 parts downloaded [100%] (0s | 6.8Mb/s)
Decryption Needed, attempting to decrypt
[ERROR] Failed to get encryption keys
[ERROR] Download error: Unable to download episode 13 from G3KHEVDJ7

Additional Information

I have the keys in ./widevine dir

[Jaynator495]

Is there a warning at the top when you run it?

[NKS1608]

Only on cli

[Jaynator495]

Only on cli

Could I see the warning?

Also that's weird, does that mean with the GUI downloading works?

[NKS1608]

On CLI: [WARN] Decryption not enabled! On GUI: Not Work and no Warning

[Jaynator495]

You don't have mp4decrypt properly installed/setup, though on the GUI you should still get that warning, I'll look into fixing that

[NKS1608]

I have changed the in-path.yml to the full path

ffmpeg: "/usr/local/bin/ffmpeg"
mkvmerge: "/usr/local/bin/mkvmerge"
ffprobe: "/usr/local/bin/ffprobe"
mp4decrypt: "/usr/local/bin/mp4decrypt"

[Jaynator495]

What is the result of opening a terminal and typing mp4decrypt?

[NKS1608]

(Bento4 Version 1.6.0.0)
(c) 2002-2015 Axiomatic Systems, LLC

usage: mp4decrypt [options] <input> <output>
Options are:
  --show-progress : show progress details
  --key <id>:<k>
      <id> is either a track ID in decimal or a 128-bit KID in hex,
      <k> is a 128-bit key in hex
      (several --key options can be used, one for each track or KID)
      note: for dcf files, use 1 as the track index
      note: for Marlin IPMP/ACGK, use 0 as the track ID
      note: KIDs are only applicable to some encryption methods like MPEG-CENC
  --fragments-info <filename>
      Decrypt the fragments read from <input>, with track info read
      from <filename>.

[Jaynator495]

Check the bin-path.yml and if it has ".exe" and the end of all the files, remove the ".exe" and check if it works

EDIT: Realized you said MacOS in the ticket itself, whoops

[NKS1608]

I've tried it, I even put in the full path and it didn't work

[Jaynator495]

Weird, so changing the mp4decrypt path to just mp4decrypt doesn't work? How did you add mp4decrypt to your system path?

[NKS1608]

It didn't work, and it's in the path, it was installed by brew

[Jaynator495]

And just to make double sure, you don't have a warning at the very top of the script when running it that says either Private key missing or Identifier blob missing?

Could you share a screenshot of your widevine directory?

[NKS1608]

I'll install it on windows and try it out

[Jaynator495]

I just want to make sure of a few things since I want to make sure there isn't a problem with our auto CDM detection, when you edit device_private_key in a text editor, do you see it starting with -----BEGIN RSA PRIVATE KEY-----, and does the device_client_id_blob contain the text widevine_cdm_version?

[NKS1608]

-----BEGIN PRIVATE KEY-----

widevine_cdm_version16.0.0$ oem_crypto_security_patch_level
02�
� (0
@�H�P�`

After adding RSA to the header, the error changed to -----BEGIN RSA PRIVATE KEY-----

Decryption Needed, attempting to decrypt [ERROR] HTTPError 406: Not Acceptable [ERROR] HTTP Status 406 – Not Acceptable [ERROR] Body: <!doctype html>

HTTP Status 406 – Not Acceptable

[ERROR] Failed to get encryption keys

[Jaynator495]

Aha! For some reason your key just says BEGIN PRIVATE KEY instead of BEGIN RSA PRIVATE KEY Just to test, if you change it to be BEGIN RSA PRIVATE KEY and the ending to END RSA PRIVATE KEY, does it work? If it does, I clearly need to also add detection for the string BEGIN PRIVATE KEY, lol

[Jaynator495]

oh interesting, did you just dump this CDM? Because usually that means the server doesn't accept the CDM. And did you also edit the footer to contain RSA?

[NKS1608]

Yes, I'll try extracting the key from another phone and then try again

[Jaynator495]

If you're comfortable compiling, try changing it back to not say RSA, and try editing line 19 of ./modules/widevine.ts to say

if (fileContents.includes('-BEGIN PRIVATE KEY-') || fileContents.includes('-BEGIN RSA PRIVATE KEY-')) {

It theoretically shouldn't make a difference, but the RSA header may change how the key is being read by the crypto libraries, breaking it

[NKS1608]

I replaced the keys with those from another device and it worked