Commit Graph

238 Commits

Author SHA1 Message Date
rlaphoenix
64ae5709d3 serve: Handle TooManySessions on /open 2022-08-02 01:48:48 +01:00
rlaphoenix
5c1b0e89ef Cdm: Support multiple forms of Service Certs in encrypt_client_id 2022-08-02 01:48:48 +01:00
rlaphoenix
0c85abb2d4 Cdm: Save Service Certificate in SignedMessage form
We may need the signature for external verification, and most APIs require it to be in a SignedMessage to be accepted, even though the SignedMessage is pretty much empty (not even actually signed lol).
2022-08-02 01:48:48 +01:00
rlaphoenix
a0fa559255 deps: Downgrade lxml to >=4.8.0
This is to add support with projects that likely use pycaption which does not yet support lxml 4.9.0 or newer.
2022-07-31 06:33:18 +01:00
rlaphoenix
3e1ccaf5ba Add correct changelog relating to serve command on v1.2.0 2022-07-31 01:32:39 +01:00
rlaphoenix
17384a8908 Bump to v1.2.0 2022-07-30 22:15:18 +01:00
rlaphoenix
7bb9ebf8f7 Update Changelog for v1.2.0 2022-07-30 22:14:59 +01:00
rlaphoenix
e36411cfaf Cdm: Clear context for the challenge once loaded
This stops users from loading the license twice, which wouldn't do anything wrong, but without doing this context deletion we could possibly end up with a ton of memory that would likely go unused if the same Cdm session is used a lot for a long time.
2022-07-30 05:13:30 +01:00
rlaphoenix
d744ed4c90 Update serve for Cdm changes, add /open endpoint
I've moved the majority of Cdm initialization from /challenge to /open, this is pretty much necessary to have a proper session setup like Cdm now has.

A session setup is required for an API like this to know what cdm to associate user's calls with. The session ID it uses is now the same session ID it actually uses in the Cdm but it's returned to the user as hex. The user is expected to provide it in hex as well.
2022-07-30 05:08:30 +01:00
rlaphoenix
c7ec596031 Update license CLI command for Cdm changes 2022-07-30 04:50:18 +01:00
rlaphoenix
3536caf5f9 Rework Cdm as a Session Key/Store Cdm
There are a few benefits to this, the main one being storage for each "request". We can now change Service Certificate per-session for example rather than for the entire Cdm object. In a multi-threaded scenario this can be a necessity more than anything.

The device is the only bit of data left that does not get stored in a session. This is mostly due to myself not seeing it being switched out often and setting it per-session would likely be cumbersome.

Some other small improvements are all around. There's a ton of doc-string improvements, typing improvements, verification of types, and there's now custom Exceptions.

In terms of bug fixes there aren't any I fixed explicitly, but a possible issue in decrypt() relating to the Key Labels may now be fixed.

I've moved the Keys from the return of parse_license() to the session data, with decrypt() now loading them from the session data instead. This keeps the decryption keys out of the view of the caller but it is by no means impossible to get those keys. It is incredibly trivial to access the session and get the keys from the Cdm manually.

A session limit of 50 is still set by the Cdm.
2022-07-30 04:50:18 +01:00
rlaphoenix
58186de464 Create Exceptions 2022-07-30 04:50:17 +01:00
rlaphoenix
999900278f Create a Session class 2022-07-30 04:31:03 +01:00
rlaphoenix
82d99d50d0 Cdm: Fix typing of type_ param on get_license_challenge()
`LicenseType` shouldn't be used as a type-hint as it's not a Type.
2022-07-30 04:22:35 +01:00
rlaphoenix
3afcf9c01c Cdm: Improve readability of license signature exception 2022-07-30 03:13:58 +01:00
rlaphoenix
3a15c1050a Cdm: Fix context availability check in parse_license() 2022-07-30 03:11:21 +01:00
rlaphoenix
71a43a069d PSSH: Fix mistake in the doc-string of get_as_box() 2022-07-30 02:56:22 +01:00
rlaphoenix
0bfbbdccc3 Cdm: Return the service cert provider id instead of the cert
There's no need for the user to get back the verified DrmCertificate as they could easily get it themselves. Instead return the provider ID which may be more useful to get.
2022-07-30 02:50:22 +01:00
rlaphoenix
d1974ad1fb Cdm: Improve parsing of service certificates 2022-07-30 02:44:34 +01:00
rlaphoenix
7078759cdf Remove uses of raw from CLI commands and serve 2022-07-30 02:29:20 +01:00
rlaphoenix
1cedba7e49 Cdm: Change param pssh to init_data
This is to signal what the Cdm really uses. Asking for a PSSH may sound like it uses a full PSSH when in reality all it cares for is the underlying init data (Widevine Cenc Header/WidevinePsshData).
2022-07-30 02:26:11 +01:00
rlaphoenix
b5ac0f45a2 Remove Cdm raw param, Improve PSSH.get_as_box()
The Cdm no longer requires you to specify if it's raw or not thanks to changes in PSSH.get_as_box() now supporting both dynamically.

It will parse the data and if it's not a box, it will use the provided data in a newly crafted box.
2022-07-30 02:21:19 +01:00
rlaphoenix
8f7cacb10a PSSH: Remove from_init_data()
This is unused and will soon be unnecessary.
2022-07-30 02:21:02 +01:00
rlaphoenix
676110c01e PSSH: Fix check of Cenc Header data in get_as_box() 2022-07-30 01:33:21 +01:00
rlaphoenix
a3102ded18 Cdm: Verify Signatures of Security Certificates
This improves Cdm security and prevents a trivial exploit on Privacy Mode allowing an attacker to bypass Privacy Mode by controlling their own Public/Private Key Pair on Service Certificates.

The attack is simple in which you create your own RSA-2048 key pair, replace the public key of a service certificate with your own, and now you have the corresponding private key to be able to decrypt Encrypted Client IDs. This trivial attack is often used on CDM re-implementations, proxies, and APIs to obtain sensitive Device Client ID information.

With this commit this attack is prevented on this Cdm implementation, making it more secure from attacks. A signed DRM Certificate must be provided now as the ability to provide a direct DrmCertificate has been removed.

The root certificate added alongside this commit has no private key and cannot be used to re-sign an altered DrmCertificate.
2022-07-29 22:14:48 +01:00
rlaphoenix
d9d8074f73 Extend functionality of migrate cmd to folders of wvds
This is so you can mass migrate devices instead of painfully one by one.
2022-07-29 19:29:39 +01:00
rlaphoenix
fc9a290482 Device: Move structure revision notes next to the structures 2022-07-25 00:13:33 +01:00
rlaphoenix
f63b94c31d Add ability to serve cdm devices remotely with serve command 2022-07-24 21:48:09 +01:00
rlaphoenix
ac469383b8 Cdm: Validate License Message type in parse_license 2022-07-24 21:07:00 +01:00
rlaphoenix
b081d66ca2 Update Development Status Trove classifier 2022-07-23 17:03:11 +01:00
rlaphoenix
aaf2362634 Fix exclude pattern of license proto on DeepSource
Seems this ** way didn't work for whatever reason.
2022-07-23 17:00:27 +01:00
rlaphoenix
683c3360a5 Improve the Disclaimers, limit to 5 disclaimers 2022-07-23 16:36:11 +01:00
rlaphoenix
93cdc7f44e Remove f-string without expression, mute unused variable in Cdm 2022-07-23 16:29:28 +01:00
rlaphoenix
943968f2c7 Cdm: Remove the use of .format() in decrypt() 2022-07-23 16:26:09 +01:00
rlaphoenix
657f9357f2 Add various Credits to the README 2022-07-23 16:15:42 +01:00
rlaphoenix
7cc40e802f Link to the PyPI page on the Python ver. badge 2022-07-23 16:12:47 +01:00
rlaphoenix
d62b718f6d Add nicer header to README, add badges 2022-07-23 16:11:55 +01:00
rlaphoenix
442a5c9fd6 Add DeepSource config file 2022-07-23 15:55:37 +01:00
rlaphoenix
d72607b080 Update Changelog for v1.1.1 2022-07-22 21:21:41 +01:00
rlaphoenix
60bb779c59 Bump to v1.1.1 2022-07-22 21:20:37 +01:00
rlaphoenix
e1532b1451 Fix optional --vmp argument to create-device command 2022-07-22 19:25:08 +01:00
rlaphoenix
e1951d20d0 Update Changelog for v1.1.0 2022-07-21 17:32:14 +01:00
rlaphoenix
35abd2962f Bump to v1.1.0 2022-07-21 17:32:06 +01:00
rlaphoenix
b262e115d3 Add ability to use Privacy mode on test command 2022-07-21 17:28:04 +01:00
rlaphoenix
95982725c3 Cdm: Support providing Service Cert as any 3 schemas
Some services might provide the Service Certificate as a SignedDrmCertificate instead of a SignedMessage so I added support for supplying such format certificates. I also added support for supplying a DrmCertificate directly, though it's unlikely for a service to provide it raw without a signature like that.

The Service Certificate is now also stored as just the DrmCertificate internally, as it will not be using the signature.
2022-07-21 17:26:14 +01:00
rlaphoenix
70e79825b3 Device: Re-use magic reference across Structures 2022-07-21 16:23:19 +01:00
rlaphoenix
f2174dfa72 Device: Blank flags on v1 WVDs when migrating
This flag was technically used before this project and to ensure it will be unused and ready for safe use in this project and on v3 (if/when), we should blank the flags.
2022-07-21 16:21:22 +01:00
rlaphoenix
fe21bfe88c Fix migrate cmd's error handling, missing ValueError catching 2022-07-21 16:20:22 +01:00
rlaphoenix
93f70f73c2 Device: Fix header structure, should not be a constant 1 2022-07-21 16:19:52 +01:00
rlaphoenix
1442c945cc Move Migration Code to Device.migrate()
Also now more effectively migrates using the v1 Structure data.

Also fixes the migration error of possibly leaving behind VMP data. Will warn you if VMP data is already in the Client ID (if it's different).
2022-07-21 16:10:42 +01:00