Widevine DRM enabled for streams #233
Comments
|
Same thing here. Gray screen, flood of ffmpeg errors together with some 404 error from F1viewer itself when playing the Australian GP Practice 1 LIVE. |
|
Yes, unfortunately this seems to be a problem with DRM, which they have started implementing. That really sucks, because there is no fix. Better explained by the creator of Race Control (which also suffers from this problem): |
|
What a shame, I had my own build that I could watch from my Ipad , the only reason is use it is because the f1 player is so terrible and using f1viewer proxy ensures I always get 4k. Now the mpd file doesnt open in safari and on VLC / MPV just a grey screen with garbled vertical lines. |
|
To whom it may concern, **** you! |
|
1080p50 is the highest quality, my friend. But I agree, we need the 3rd party players! This is so not right xD |
|
https://www.bento4.com/documentation/mp4decrypt/ Don't have much time, but think there are still some options. But they make it harder. |
|
Same here. MPD files with no audio and 'gray' video.... |
SoMuchForSubtlety
changed the title
SoMuchForSubtlety
changed the title
Sorry to say but this method still requires a way to actually get the master content key from Widevine DRM to make it work. Basically, the media is encrypted using a static key. This key is processed by Widevine CDM (content decryption module) on the client device by talking with the Widevine server or doing some secret key stuff (this part is typically heavily obfuscated so difficult to reverse engineer) and actually performs the AES-128 CTR decryption on the content so the master key does not leak. If you can get the content's master key (there used to be ways, Google it - Widevine had a huge 'security issue' not too long ago which allowed extracting the master keys by chrome extension (!), but now it's very hard again) you can decrypt the content without doing the Widevine stuff (its actually built-in for some players, including ffmpeg). That's also how those 'illegal streaming websites' keep on popping up using the actual CDN of the streaming service itself. But then again; this assumes those master content keys are not random and they never change.. Alternatively, instead of trying to find the master keys skipping Widevine completely, you may be able to implement some version of the CDM library like https://gist.github.com/ruario/3c873d43eb20553d5014bd4d29fe37f1 and then make a wrapper that calls the library to use the decryption part, the same way they do it for Kodi; https://github.com/emilsvennesson/script.module.inputstreamhelper/blob/master/lib/inputstreamhelper/widevine/widevine.py. But I wouldn't get my hopes up. It will be painstakingly hard. |
I see what you did there 💥🎧💥 |
|
Let's say I had the keys (completely possible and it's one WV master key), anyone aware of any players for Mac that support playback with key? Something like the adaptive.license plugin for Kodi? |
|
Is this a global issue or a european issue due to DSGVO? Just observed that If I start a screenshot tool like greenshot the stream in the webbrowser of F1TV get black to prevent screenshots from the screen. I expect this is something regarding Copyright (Urheberrecht) which is huge changed in DSGVO. |
If you have the master keys, you should use a player that supports CENC decrypting (common encryption, AES-128 CTR) with the key. Alternatively, you could use ffplay/ffmpeg to open the stream, then pipe the audio/video output to another player of your choice (see https://stackoverflow.com/questions/44939166/ffmpeg-how-to-produce-mp4-cenc-common-encryption-videos/44949160#44949160 You can also let ffmpeg write the stream into an UDP Multicast group, so you can also access it from other players in your network. Or to an RTMP stream for example. |
|
Unfortunately not that easy as it falls over once it starts pulling the mp4 segments (HTTP Error 400, Bad Request), I'm guessing it's missing some header information, I'll have a play about with it further and report back |
IIRC streams gotten through f1viewer might give you a 401 if the Might be easier to copy a link from a browser session into ffmpeg and see if that works? Or changing the user-agent from ffmpeg to something less trivial to block. :-) EDIT: Nevermind above. I see what you mean now. DASH streaming is protected by setting a cookie from the manifest request forward. I guess you need cookies support in ffmpeg (which does not exist), or a proxy that adds the cookies for you. You could also try to put the cookies in manually by looking at the cookies set for your browser session. |
|
Ok with one massive line into FFplay with all the headers it attempts to play but I'm getting 'Option decryption_key not found', perhaps I need a different version of FFplay, again I'll report back. |
Guess you need the module 'crypto' built in. Which might also require building from source. |
|
it has the crypto module, I'll build a new version |
|
sooo close So FFmpeg starts doing its thing, then spits out a ton of these... Stream mapping: |
|
Those warnings could also well be non-fatal. For example; sometimes in the stream audio tracks can be added or removed dynamically, depending on the broadcast. In such case, track indexes might change. Does it actually produce a playable video/audio output if you try to write it to a file? Maybe you can try |
Excellent explanation, I sent the output to a local rtmp server so I could watch the stream as it came in, unfortunately it just gave a green screen however the bitrate, resolution and fps were all correct, which leads me to believe the code is correct except for how it's handling the WVkey, so next I'll dump it to a .mp4 and see if mp4decrypt can process it. |
|
For some weird reason, the HLS variant (if you use Safari as playback client) seems to be unencrypted again now for Qualifying Australia.. I also noticed it uses the same EDIT: Nevermind, this is probably just the content moving from 'restart' (e.g. recording of the live stream) to 'video-on-demand' after processing. However I noticed Above comment about trying HLS if the |
|
the WV kid is what I'm referring to from within the mpd, from what I've tested so far they seem to use 1 kid, pssh and master key for all streams and it changes daily. EDIT: Yeah the m3u8's play any, they're not using DRM encryption. |
|
Usually, there is one master content key (the same origin software is usually responsible for encrypting and packaging HLS/DASH variants of the same source). The DRM system is actually only in charge of giving you the correct content decryption key, it does not really do more than that (but in reality it has to because it cannot risk to leak the master key, so hardware/software implementations usually also take care of decryptingthe media and securely playing back the video - which is why you cannot screenshot/record the framebuffer output as it's virtually not there and using a 'secure' path to the graphics card). Thanks to CENC (=Common Encryption) standard almost all streaming formats could in theory use the same encryption method. Usually, it is quite common that content is using the same master key across all streaming formats. But, these are all assumptions of course.
Also unable to check right now as the platform does not seem to deliver the URL's for the actual 'live' stream variants anymore, just the replay versions, which makes comparing them hard..
I guess when they 'archive' something as 'replay' content, they are using another way of serving the content. In Chrome, it also gives you a HLS type stream. This content hasn't got any DRM on it indeed. Though, when a broadcast is 'live', they seem to use Fairplay on the HLS stream. Which is Apple's Widevine responsible of giving the client the key. Which might coincidentally be the same CENC key you extracted from the DASH WV stream. |
|
The real problem however is that sharing the master content key is actually considered circumventing 'effective' DRM which is illegal to do in most countries. Having said that, kinda in it to see if you can get it working. Which would be awesome. But still, not really practically usable for a typical f1viewer user. |
They expire every 24 hours, that part is controlled via HMAC |
First things first lets get it to stream live, if ffmpeg doesn't support 'on the fly' decryption then we could find something that does, or the really long method would be to script it to download segments, decrypt then then create a new stream with the decrypted segments. |
In my case it was unchanged from Saturday until today. |
Not sure on that then, from experience it's been 24hours for me |
|
This is the smallest problem, I would say, Bento4-SDK needs to be integrated into the script, the order of events being download, decrypt, play... |
|
The script could also extract the token automatically, without our intervention, using the Firefox library. |
Yes, but that still requires knowing how the mpd segments fall, as this seems different in archive to race day |
|
The information is in the header, only the decryption key can decipher the order and size of the chunks, which is between 2 and 4 sec for .mpd files. |
|
There are some dowloader software, like youtube-dl, that works with command prompt, that would know how to download .mpd in chunks, I don't know how much and how it would work live. |
All Apple clients (Safari Browser, iPhone, AppleTV etc.) get m3u8 encrypted with Apple's DRM called FairPlay. As far as I know this only works on Apple devices. |
|
Noah is correct. F1TV puts out two DRM streams. One is Widevine, the other is FairPlay. Widevine is used for most clients (web, Android, Android TV, Fire TV devices), and FairPlay is used exclusively for Apple devices/software (Safari, iOS/iPadOS/tvOS app). On the Apple side, it's a little bit easier to deal with since there are system modules you can call to handle it. |
So right now, it could be possible to let f1viewer users on Mac to use this different DRM stream easily? Could be a possible scenario @SoMuchForSubtlety ? Or is a difficult workaround to introduce just for Mac users? |
|
@maturd Not to respond for the maintainer but, when I say "system modules", I'm referring to an app written in Apple's own Objective-C or Swift languages. VROOM TV is a native app on Apple TV, that's why it can do that. It's not as easy as enabling something for a Mac build. F1Viewer just launches playback though - it's not trying to be the player. It's not the stream URL retrieval that needs DRM support, it's the player. I wonder if setting the useragent to be the iOS F1TV app will provide a FairPlay stream that could be viewed in QuickTime though. |
|
Is there a branch to test for this weekend? |
Probably not. DRM is probably extremely hard to bypass |
DRM isn't hard to bypass (WV at least isn't), getting ffmpeg to playback encrypted with the key is where I'm falling down, but I know it will work if someone with FFmpeg knowledge has some time to take a look. I was able to download an existing mpd, decrypt it, then play it back with no issues. |
|
@notarobot1337 that means good things, no? Not an expert, but I mean we're at least 10% there, surely? |
|
Can we can use |
|
Not testing, there's been some progress made elsewhere though, perhaps the author could get in touch. If you wanna test this with key msg me on TG |
This is good news. You should provide more details so author can review it. |
He’s completely right for this suggestion as it does work with the correct set up. As for posting proof on a public GitHub… I don’t see that as a good idea…. |
|
disclosure: I'm the developer of MultiViewer for F1, hope this is ok to post here Since other 3rd-party apps were rendered useless for live broadcasts, I started working on my own application, which uses Electron (with content decryption module, from CastLabs). It uses the same player as F1TV, but it uses a different configuration that leads to a better sync, less stalling/buffering, and a more pleasant viewing experience overall. I was also able to add Live Timing overlays (on live sessions for now) that can be synced with the driver on-boards to show live telemetry on top of the OBC player. Still working on a better sync during replays and to allow live-timing to work on replays. I hope to open-source it at some point, but it's already available to try (and many have tried last race): https://beta.f1mv.com/ I'm also on Discord (invite on the beta site), to help other 3rd-party apps if they are using the same (web-based) approach. |
Are you able to download the video right after live session ends with no DRM? |
No, MultiViewer is meant to be a viewer only, not to aid downloading, for this, RaceControl and F1Viewer are still both great options :) |
and others
Please check the FAQ and search existing issues before you submit a new one!
Describe the bug
Whatever live feed I try to open (MPV, IINA, VLC) I only get a grey screen with no audio. If I try to copy to clipboard and open the link in Safari I don't get a video there too but it download a .mpd file that is unplayable.
To Reproduce
Steps to reproduce the behavior:
Expected behaviour
Play feed
Screenshots
If applicable, add screenshots to help explain your problem.
F1TV account plan
Pro Account. No VPN
Desktop (please complete the following information):
Logs
If applicable please provide the relevant portion of your logs. You can find them by running
f1viewer -logs.The text was updated successfully, but these errors were encountered: