Today's theme seems to be DRM. Security researcher David Buchanan has managed to crack open Widevine L3, one of Google's less secure Widevine DRM implementations used by apps like Netflix and Hulu. Once decrypted, streams using the DRM method can be played back in "plain old ffmpeg" — trivially easily, in other words.

On the off-chance you aren't familiar with Widevine, it's Google's free, in-house DRM solution, used by many Android apps and services. You may remember when the OnePlus 5T (and all previous devices from the company) were incapable of playing back Netflix content in 1080p. That was because the phones only supported Widevine L3, which most services only trust for lower-resolution playback. The L1 implementation, which is presumably more secure, is required for 1080p content playback. L1 certification also requires that the secure components be "installed in the factory or delivered to the device using an approved secure delivery mechanism," while L3 essentially only requires a secure/locked bootloader to function together with nebulously "appropriate measures" taken to protect both the cryptographic information and the decrypted content.

Soooo, after a few evenings of work, I've 100% broken Widevine L3 DRM. Their Whitebox AES-128 implementation is vulnerable to the well-studied DFA attack, which can be used to recover the original key. Then you can decrypt the MPEG-CENC streams with plain old ffmpeg... — Dаvіd Вucһаnаn (@David3141593) January 2, 2019

Documentation for the L3-breaking exploit is sparse, though Buchanan does provide a few technical details regarding both L3's security and the attack used to compromise it. He claims that it was "scarily trivial to pull off" with the help of the Side-Channel Marvels project, apparently requiring only "a few evenings of work." He also states that he hasn't looked yet at the more secure Widevine L1 — which, if circumvented, would be a much bigger headache for Google, Netflix, and other companies using it.

It remains to be seen whether or not Google plans on hardening the now-cracked L3 implementation, and it isn't immediately clear if Buchanan disclosed the vulnerability to Google before making public his discovery. He states that he "does not consider this a bug," but a flaw in the DRM design and therefore incapable of being fixed, though the current exploit could be mitigated through increased obfuscation, and subsequently reduced performance.

Glorious header image by David Buchanan.