[Noisebridge-discuss] Hacking Netflix DRM for non-Windows platforms

Kristian Erik Hermansen kristian.hermansen at gmail.com
Thu Jan 17 00:40:14 UTC 2008


So, I mentioned this effort at the meeting.  I want to get started on
figuring this out.  Here's some info for people to start playing
with...

khermans at khermans-laptop:~/netfuxer$ echo -en "\0" >
happy-gilmore.wmv; curl -L -A "WmpHostInternetConnection" -r
1-3999999999 http://index.ehub.netflix.com/item/?x=84lcnmtiiU3xXyxs5GLIt_EIkwmfr8nGp9TuYWR8RyNWdqwUzEJACf-AoOXWV22nleL4r2P7SjTWWRp8o60tuEzQtQlQB9VjzJHdKpVtUMJw4REe3jbgUFz8
>> happy-gilmore.wmv
khermans at khermans-laptop:~/netfuxer$ sha1sum happy-gilmore.wmv
ec3ae957b0327c22c226d5a05cf60f097e02c3d4  happy-gilmore.wmv
khermans at khermans-laptop:~/netfuxer$ ls -sh happy-gilmore.wmv
292M happy-gilmore.wmv
khermans at khermans-laptop:~/netfuxer$ strings -e l happy-gilmore.wmv
<WRMHEADER version="2.0.0.0"><DATA><SECURITYVERSION>2.2</SECURITYVERSION><CID>2052980458</CID><LAINFO>http://movielicense.netflix.com/wm/</LAINFO><KID>Gv/bjoLju0Sd876aZb52TA==</KID><CHECKSUM>Ksfz8wZ9QQ==</CHECKSUM></DATA><SIGNATURE><HASHALGORITHM
type="SHA"></HASHALGORITHM><SIGNALGORITHM
type="MSDRM"></SIGNALGORITHM><VALUE>aHyCygOIiLRwXZS1hoVA1MNFpEk0niXGc3L5tmnqQmIOPwTP6RNZHA==</VALUE></SIGNATURE></WRMHEADER>
        )Q|
f#)o
F*E-
khermans at khermans-laptop:~/netfuxer$ strings -e b happy-gilmore.wmv
n-us
IsVBR
DeviceConformanceTemplate
IsVBR
DeviceConformanceTemplate
MP at LL
WMFSDKVersion
11.0.5721.5145
WMFSDKNeeded
0.0.0.0000
VBR Peak
IsVBR
(ASFLeakyBucketPairs
Buffer Average
Windows Media Audio 9.2
* 64 kbps, 44 kHz, stereo (A/V) 2-pass CBR
Windows Media Video 9
FILENAME
^http://www.microsoft.com/isapi/redir.dll?Prd=WMT4&Sbp=DRM&Plcid=0x0409&Pver=4.0&WMTFeature=DRM
T       )?
}       *L
+!)M
r"*T
f#)^
$%))
|(*fy
p)*L
d**!
d**}
",*i
].*(
Q/*`A
o0)=
91*.
>4*p
P6)i
*;EQ
*}e1
78*Z
I:)<
Z<**
B>*P
GA*Y
eB)'
#D)A
LD*/
RG)~
2M*f
PN*X
DO*9
8P)J
gS)1
1T*=



Some things to figure out:
* Windows Media Player 11 with latest DRM modules are needed
** This is presumably because Microsoft now allows content providers
to embed the customer ID information into the MSDRM decryption module
* WMP grabs the keys numerous times if using Internet Explorer plugin
** It is perhaps possible that time of playback is somehow embedded in
your decryption key.  Does WMP11 grab the key once, cache it, and grab
subsequent updates automatically?  Or is this all wrong and only one
key is always needed to decrypt a given video?  We can sniff key with
mirakagi on Windows, but not on any other platform.

Some software that needs to be written:
* Something that performs the key grabbing function for a given DRM
video and saves the key
* FU4WM ported or new code to do the same on non-Windows platforms
* A watermark stripper, as it is presumed that Netflix embeds such things

The final question is -- will the effort be worth it?  This could be a
lot of work, and I'm not sure we have all the reversing/crypto
expertise in the group to make an app available on non-Windows
platforms.  However, if we did, it could perhaps be used to gather
some financial contributions to the group and publicize the space.
Thoughts?
-- 
Kristian Erik Hermansen
"Know something about everything and everything about something."



More information about the Noisebridge-discuss mailing list