With more ways to stream online video than ever before, protecting video continues to be a key issue for copyright holders.
This is often achieved through Digital Rights Management, which is often referred to by the initials DRM. In a nutshell, DRM is an anti-piracy tool that dictates when and where digital content can be accessed.
Widevine DRM is one of the leading players in the field. The Google-owned technology is used by many of the largest streaming services including Amazon, Netflix and Disney+. As such, keeping it secure is vital.
Widevine DRM
Widevine DRM comes in different levels. The L1 variant is the most secure, followed by L2 and L3. While the latter still protects content from being easily downloaded, it’s certainly not impossible to bypass, as pirates have repeatedly shown.
4K leaks are not that unique anymore either. The tools to bypass the strictest protection are made available through private channels and for a few days, they’ve been floating around in public as well.
A developer named “Widevinedump” posted a collection of download tools on GitHub. These include the ‘DISNEY-4K-SCRIPT’, ‘Netflix-4K-Script’, ‘WV-AMZN-4K-RIPPER’, ‘HBO-MAX-BLIM-TV-Paramount-4k-Downloader’, ‘APPLE-TV-4K-Downloader’ and several others.
TorrentFreak spoke to a source who confirmed that these scrips are indeed the real deal. That said, they appear to be relatively old pieces of code that may not be the most secure. Using these tools could get someone banned by a streaming platform, or perhaps worse.
Pay to Play?
There is another major issue that raises suspicion. Most of the download tools don’t come with the Content Decryption Module (CDM) that’s included to download 4K content. To gain access to that, people are required to buy it from the leaker, who writes that people can contact them via email.
That said, there is also a free L1 Content Decryption Module posted in the ‘LenovoTB-X505X-L1-KEY’ repository. A trusted source confirmed to TorrentFreak that this CDM is indeed working. However, as Widevinedump also notes, it may not be active for much longer.
“Working L1 CDM FOR NETFLIX & ALL SITES |AMZN-DSNP-Blocked|. Note This CDM Will Burn in 2-3 Days So Use as much u can..,” Widevinedump writes.
Punishment
While these leaks are a major blow to the streaming platforms, which do all they can to keep their content secure, the developer has another agenda. In addition to selling CDMs, the code was apparently leaked to “punish” some people on Discord, who we assume shared it privately.
“Hi! My name is WVDUMP. I am Leaking the CDM to burn it & punish few idiots that think themselves as dicord lords [sic],” the developer writes.
Needless to say, using these tools can lead to all sorts of legal trouble and it is clearly in violation of the DMCA’s anti-circumvention provisions. As such, we doubt they will stay on GitHub for much longer.
That said, when something leaks on the Internet it’s generally pretty hard to put the genie back in the bottle.
Update: We contacted the person who posted this material. They said they weren’t aware of the serious legal risks and would remove the code in three days. The backstory, which we won’t publish here, seems rather odd so we’re not sure what to make of all this and remain very suspicious about their intentions.
Update 2: The repositories were removed around the first of January.