SuprBay: The PirateBay Forum

Full Version: Help: Questions about DRM Schemes and Downloading
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hi Everyone,

Firstly, I did not know in which specific section to post this query on this forum, and decided for "General." I assume that we are allowed to discuss this on this site, since the site is itself illegal. I told myself "If I can't ask on the Pirate Bay, where else?" However, due to search engine indexing, we might still not be allowed to do this. In which case, I apologize in advance. 

Before I begin, if you must give specific info just do it by private message. I don't mean something generic like "The way it works is by requesting a key to a server" but rather like "replace hardcode address 0x6feb60 in DRMdecrypt function before dump)


I have an interest in decrypting mpeg-dash from services where I have a paid subscription, so that I can store the original quality output for personal use (i.e. my own Plex server). I have a superficial understanding of these systems (I can't code, I merely 'dabble') but it seems extremely difficult to obtain a key for decryption.

I have a rooted 2nd gen Fire Stick device and I have been analyzing the logcat and Playready scheme; however, I understand that decryption is taking place in the Trusted Execution Environment which is not accessible (unless you know a way to access it or dump the memory stacks while the decryption is taking place). The service I have been testing is "All 4" (I am UK based) and I have obtained information via the adb unix shell.


From reading the logs I have noticed what might be a few interesting things, but I don't have enough understanding to know whether they are significant or not. For instance the device calls for "MediatekKeyMaster" and "AESEncryptor" libraries which play a part in the decryption/encryption process. Could any info be extracted here?

In the memory dumps there are 32 char values in /dev/ashmem/shared_memory/, are these useful at all for anything?

Lastly, I have pulled AIVDrmStore from /data/playready hoping to get some information in a hex editor, but I didn't think there was anything worthy.

I really hope you can point me toward the right direction in order to make heads of tails of the information I have available. I know that some Android FDE have been bruteforced (i.e. with keymaster_mod.py script) so I wonder if any information is possibly gathered after decryption takes place in the TEE.

I am aware of these tools T3rry7f/WideVineDump, /CrackerCat/video_decrypter

or the Bento4 library.

I understand that it might be a lot easier to decrypt videos in Chrome, as the TE environment is normally unaccessible, and the above tools could be used for this purpose. But I don't understand how they are used at all. 

I hope that someone can help, although I understand why up to now nobody wants to. And the reason is not Scene exclusivity (up to debate whether an actual Top Site Scene exists still) but it is the greed of these Corporations and how aggressive they can be in juridical terms (you can do more years in jail for pirated content than murder more often than not).

Thanks so much for reading.