"Widevine Dump": Leaked Code Downloads HD Video from Disney+, Amazon, and Netflix (torrentfreak.com)
449 points by bertman on Dec 27, 2021 | 293 comments



I did one of these for Hulu (https://github.com/chris124567/hulu) a while back. It didn't take very long to write. Most of these programs are just using the pywidevine library along with some key that's been leaked (if you know how to navigate Github search you can find one in a couple of minutes) and then integrating the streaming site's API. I wrote mine in Go because I got sick of the pywidevine hegemony and I felt it was unnecessarily complicated. The annoying thing is that key revocations are happening pretty frequently now. It's another one of those pointless cat and mouse games.


[flagged]


I'm not sure there's some rigorous ethical justification but it's only available to people who have a Hulu account so they could just watch the movies on hulu.com instead of downloading them anyways. It also makes watching Hulu possible for people who don't want to run an opaque obfuscated library (Widevine) on their computer (also people who use musl libc [like myself] which Widevine doesn't work on). Hulu ripping was happening long before this software so I doubt it will have any impact in the grand scheme of things. It was mostly just written for my own fun.


Just wanted to say thanks, both for writing it and for not being ashamed of it. And also for being honest that reverse engineering is often really fun. (Unlike being an actual pentester, which mostly consists of writing TPS reports.)

P.S. To lighten the mood a little, I have a different question for you. Why "from"? It's a great name; I'm just super curious if there's any meaning. Also surprised that a Python reserved word was available on HN in 2019 -- most of those were snatched up in 2008.


I'm not exactly sure how this works, it seems you need to have a Hulu subscription, which means you are paying for the content.

From the instructions "Note: Ensure you are signed in before following these steps." You are just able to download the video. You'll at that point likely watch it once and then not watch it again.

But sometimes when you're traveling and you don't have internet and you want to watch something, this is useful. I mean if you got the video files through some other DRM free site, you wouldn't have these restrictions at all and you wouldn't be paying at all. Then you could argue you are consuming without compensating the creators, which I think wouldn't be right.


> when you're traveling and you don't have internet and you want to watch something

Hulu and a number of other streaming services have a download feature for exactly this situation.


The download features are super limited.

- Downloaded something in country A and want to watch while in country B? Sorry, the content is not available in your region. Want to watch it via VPN? Sorry, we detected that you are connected via a VPN (had exactly those two issues with Amazon Prime Video).

- Even if content is available in another region, some language options are not available anymore (you are in Russia? Now you can only choose English and Russian).

- Some titles are not available for download and can only be streamed

- Downloads require you to use the app. Not all devices have the app. E.g. you can't download movies on a Macbook because there is no Mac Netflix App. However you can do it on Android, Windows and iOS. I am forced to watch content on my Android phone instead of the bigger Macbook screen when traveling.


> Even if content is available in another region, some language options are not available anymore

If only this were limited to downloads! I know a native Dutch speaker living in Germany who had to resort back to piracy to get Dutch subtitles.


In my experience the download services have weird time limits and are pretty crappy, I'd rather just have the content on my Plex server.


The repo readme is pretty telling - this is being leaked to force this particular key to be blacklisted, I guess one group annoyed with others and wanting to cut off their access (and presumably the leaking group already has other L1 keys so doesn't fear this key being burned...)


I also noticed it provides part of the functionality with a .pyc file, without including the normal python source. This one, for example: https://github.com/widevinedump/WV-AMZN-4K-RIPPER/blob/main/...

I'd be a little leery of running that outside of a sandbox.


Do you think it could probably be decompiled? [0].

[0]: https://stackoverflow.com/a/14808336/297570


Forgive me for my ignorance, but would you mind explaining why providing functionality with a .pyc is potentially a red flag? I'm interested in learning more about Python codebases.


.pyc files are the compiled bytecode for their corresponding .py files. It's scrambled, you would need a decompiler to inspect the source code and it would be very hard to read (compared to the original source).

People typically ship .pyc files when they want to hide what they are doing, for a wide variety of reasons.
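
The concern in this sub-thread, a .pyc shipped without its source, can be checked statically before anything is run. The following is an added example (not code from any commenter or from the repository) that parses the .pyc header and lists imports, referenced names and string constants without executing the bytecode; the sample module, the `SUSPICIOUS` list and all function names are constructed for illustration, and it assumes Python 3.7+ and a file compiled by the same interpreter version.

```python
import dis
import importlib.util
import marshal
import struct
import types

# Names worth a second look in bytecode of unknown origin (illustrative, not exhaustive).
SUSPICIOUS = {"exec", "eval", "compile", "__import__", "socket", "subprocess",
              "ctypes", "base64", "urllib", "system", "popen"}

# Constructed sample standing in for an untrusted module; it is compiled, never run.
SAMPLE_SOURCE = '''
import base64
import urllib.request

def fetch():
    return urllib.request.urlopen("http://example.invalid/blob").read()

def load(blob):
    exec(base64.b64decode(blob))
'''


def build_sample_pyc() -> bytes:
    """Build .pyc bytes in memory: 16-byte header followed by the marshalled code."""
    code = compile(SAMPLE_SOURCE, "sample.py", "exec")
    header = importlib.util.MAGIC_NUMBER + struct.pack("<III", 0, 0, len(SAMPLE_SOURCE))
    return header + marshal.dumps(code)


def parse_pyc_header(data: bytes) -> dict:
    """Decode the 16-byte header used since Python 3.7 (PEP 552)."""
    if len(data) < 16:
        raise ValueError("too short to be a .pyc file")
    magic = data[:4]
    (flags,) = struct.unpack("<I", data[4:8])
    header = {
        "magic": magic.hex(),
        "matches_this_interpreter": magic == importlib.util.MAGIC_NUMBER,
        "hash_based": bool(flags & 0x1),
    }
    if header["hash_based"]:
        header["source_hash"] = data[8:16].hex()
    else:
        header["source_mtime"], header["source_size"] = struct.unpack("<II", data[8:16])
    return header


def iter_code_objects(code: types.CodeType):
    """Yield the module code object and every nested function or class body."""
    yield code
    for const in code.co_consts:
        if isinstance(const, types.CodeType):
            yield from iter_code_objects(const)


def triage_pyc(data: bytes) -> dict:
    """Summarise what a .pyc references, without ever executing it."""
    header = parse_pyc_header(data)
    result = {"header": header, "imports": [], "names": [], "strings": [], "suspicious": []}
    if not header["matches_this_interpreter"]:
        # The marshal format is version-specific: stop instead of guessing.
        return result
    code = marshal.loads(data[16:])  # deserialises the code object; nothing is run
    if not isinstance(code, types.CodeType):
        raise ValueError("payload is not a code object")
    imports, names, strings = set(), set(), set()
    for co in iter_code_objects(code):
        names.update(co.co_names)
        strings.update(c for c in co.co_consts if isinstance(c, str))
        for ins in dis.get_instructions(co):
            if ins.opname == "IMPORT_NAME":
                imports.add(ins.argval)
    top_level = {m.split(".")[0] for m in imports}
    result.update(
        imports=sorted(imports),
        names=sorted(names),
        strings=sorted(strings),
        suspicious=sorted(SUSPICIOUS & (names | top_level)),
    )
    return result


if __name__ == "__main__":
    report = triage_pyc(build_sample_pyc())
    for key in ("header", "imports", "suspicious", "strings"):
        print(f"{key}: {report[key]}")
```

`marshal` is not hardened against malformed input, so even this static pass belongs inside the sandbox; a file built by a different Python version is reported as a magic-number mismatch and needs that interpreter version or a cross-version disassembler.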


Oh! That makes complete sense. I didn't know .pyc was the bytecode of a Python file. Thank you!


There is something amusing about weaponizing the key revocation process like this...


Everything about it is fascinating. These people all have day jobs yet they provide a better experience than the multi-trillion dollar corporations that are releasing the product in the first place.


These people probably all have day school... I think most people who get past school age tend to retire out of this crowd of people...


I would just like to point out that this is a forum called Hacker News.


People come to HN to discuss whether the hacking blog's title was too big for their tastes or if the content is readable by every disabled person under the sun. The comment section is literally pain incarnate for actual hackers.


Are you implying that young adults are more responsible for the state of piracy today than adults? I don't see that at all.


I feel like I have to defend the parent here. My experience in the nulling/warez/pirating community is that it tends to be young adults doing the majority of the work and mostly they do it for kudos and not monetary benefit.

Adults might be giving them the kudos, but the hard work (again, in my experience) is young adults, of school age.


A lot of them started as young adults, but the scene has been going on for over 20 years. Some people quit over time, and some others joined as they got old enough to contribute, but I wouldn't paint with as wide of a brush as you're doing.


These young adults haven't learned the utility and necessity of anonymity


Young adults aren't breaking into streaming devices to extract the CDM keys. They also aren't running trackers like Orpheus and Redacted. Those are small examples, but I'm not sure I understand how young adults would ever have the mobility and network to do these things.


George Hotz (geohot) was a teenager when he cracked the iPhone and was 20 when he cracked the PS3. So...yes, young adults certainly can extract keys if they have the time and motivation, and being young adults they often have plenty of time on their hands.


Using George Hotz as an example is pretty disingenuous. He is clearly not your average young adult, even for the average of HN.


That was some funny stuff. Watching this guy make Sony freak out and chase after him down the street with lawyers. Halt varlet, for I shalt sue!


Er, you may not have been a young adult with l33t hardware hacking skills, but others were.


Odd comparison, I wasn't basing this off of my experience as a young adult.


They are. Plenty of them are more than talented enough for it.


Can you provide a counter-example or is this all anecdotes?


It was definitely the case for me! I aged out of warez when I got a full time job.


I think the warez ‘golden age’ was 1995-2015.

Before that most of the protections were just not that severe (and thus interesting), and after 2015 Steam, Netflix and Spotify severely stemmed the influx of people being exposed to piracy and thus potentially going deeper into the culture.

Tangentially related but I think that’s also why in a strange way the advent of the smartphone and other ‘curated technological experiences’ has lowered computer literacy for the average person born after ~1995.


Yeah, I think software piracy was a huge part of technological learning for me from an early age, figuring out how to the name of what I was even looking for (cracks, Warez), using astalavista, early torrent clients, forwarding ports, finding good torrents, using a firewall to block applications, applying cracks, learning about loaders, key generators, patches, protectors, and later reverse engineering and cracking software myself... staring at assembly in IDA for a few days straight so you can do something no one else online has done is a pretty interesting experience and probably one of the most formative ones to my enjoyment of computing.


or they had the skills to just dump it again

Edit: nvm I understood which key you were talking about. I would have replied, but I'm rate limited.


Ah, I thought L1 keys were burned into hardware, so blacklisting this key was effectively blacklisting a bunch of Lenovo tablets from accessing 4K HDR streaming?

Edit: looks like I'm wrong about this, and the Widevine L1 keys can be changed with a firmware update. There's an interesting breakdown of how it works on Qualcomm chips here: http://bits-please.blogspot.com/2016/04/exploring-qualcomms-...


Does this mean if I have a lenovo tablet that currently streams 4K, that it will lose 4K video support? Could I ask Lenovo for a refund?


I would think so (the repo suggests this is a Lenovo TB-X505X key, I'd imagine they're at least per-product). I could certainly be wrong about L1 keys being burned-in, that was just my understanding of it (vendor docs say things like "Hardware DRM", but maybe I'm jumping to conclusions from marketing speak)

The Widevine spec doesn't say either, it just says that all processing is within the Trusted Execution Environment, so I suppose the keys could be loaded/updated in firmware. I'm looking for more docs now...

Edit: looks like I was wrong and they can be changed with firmware updates: http://bits-please.blogspot.com/2016/04/exploring-qualcomms-...


TEE is an environment with hardware backed attestation, you run a piece of software in the "black box" to do things like key generation etc.

My educated guess, having used TEE/TrustZone for keys is that they could update the payload (the "Trusted Executable") with a new one to resolve the issue.


You should be able to ask Lenovo for a refund if you've bought the device with this feature in mind and if Lenovo advertised the ability to watch 4K on your preferred streaming service.

If the device just happens to support 4k, you may be out of luck. You could try suing the parties that are supposed to deliver the 4k content and have revoked the key, but I doubt you'll get much out of them.

If you rely on DRM, the media industry has all the keys. You're left to their whims when it comes to content consumption, and there's very little you can do.


Yes and yes. Lenovo probably doesn’t give a shit, though. But you can ask!


Depends on the country. Some do have some liability on manufacturers and/or vendors for defects. Unsure if an asterisk in their click through contract about key revocation would even matter.


Would they release a firmware update with new keys though? If they can’t fix the vulnerability, the new keys would get dumped just like the old ones.


This is one of those github repositories that you just clone and move on.

Don't fork, just clone to your local system. When it gets taken down the forks will disappear, whereas the clones will not. You can also just download a zip file.

https://github.com/widevinedump?tab=repositories


  #!/usr/bin/env bash
  # List the account's public repositories via the GitHub API and clone each one.
  API_URL="https://api.github.com/users/widevinedump/repos"
  for url in $(curl -s "$API_URL" | jq -r '.[].html_url')
  do
    echo "Cloning: $url"
    git clone "$url"
  done


If I wanted to save an important repo, I would run a command like this:

  ssh user@rsync.net "git clone --mirror https://github.com/widevindump/Netlix-4K-Script github/2021-12-27-widevindump_Netlix-4K-Script"

... which works because the 'git' binary is maintained on rsync.net and can be executed over ssh[1].

[1] https://www.rsync.net/resources/howto/git.html


I'd delete this comment if I were you. The copyright cartels have ended lives for less.

edit: I tried to keep it simple so that a null-edit would suffice to scrub the comment in question. But since I have to explain - the author runs the service for which they're providing instructions. This creates a straightforward argument that they intend their service to be used for storing forbidden files. Such "contributory infringement" is exactly how the copyright cartels have gone after youtube-dl, Popcorn Time, and many other general tools.


Oh, dear god please, please sue us.

The exposure, the name recognition, the PR coup that this would be ... would dwarf every effort we have ever made in over 20 years of trying to publicize our company.

Seriously: If you work for any of these "aggrieved" content providers and if you really want me to buy the Aspen house ten years early, dear god please sue us.


And after years of litigation, when your well-paid counsel tells you that you're going to lose and the practical path forward is to sign a settlement agreeing to scan users' files for forbidden ones? IANAA but this does seem to be the basic path that every cloud service gets sucked into.

I wish I were wrong, but I've seen no indication that courts respect digital privacy the way that physical boundaries have come to be respected (eg the US's 4th Amendment) - if you have the ability to do something about possibly forbidden communications, then you will be forced to. Digital privacy rights feel at least a few decades off, and that's assuming the centralizers don't continue to successfully embrace-extend-extinguish.


I mirrored it and am not affiliated, so we can now flag their comment for their protection


... what?


If I wanted to save an important repo, I would run a command like this:

ssh user@rsync.net "git clone --mirror https://github.com/widevindump/Netlix-4K-Script github/2021-12-27-widevindump_Netlix-4K-Script"

... which works because the 'git' binary is maintained on rsync.net and can be executed over ssh[1].

[1] https://www.rsync.net/resources/howto/git.html


Thanks


"Making an imaginary-ish copy that stays on the big Microsoft-owned system is mostly unnecessary and probably not enough to keep it around, make sure you save a copy on your own computer that they can't get to."

Don't want to be (too) condescending, but, as an old-timer it's kind of wild to me that people who work with tech a lot do actually sometimes need to be reminded of this.


It continues to amaze me that so many people in my profession (software) don't know that Git is "decentralized".

GitHub et al have taken over so ubiquitously that many developers I know have no idea that a bunch of what they do isn't even Git, and a bunch of what they don't do, is.


Wonder if they pay any attention to who wrote it as well. :)


It's wild to me too, but I've seen people actually debate fork perseverance and I'm always confused what the issue is when you can just have a local copy but somehow that often never gets brought up in those conversations. It's not even about something used in a package manager, they just really had no backup when the default behavior of the git protocol is to have a backup. I'm like "wait did they actually lose something?" so since that seems to be the case, yeah, gotta remind people.


"Cloud-native" youth seem to have forgotten a huge chunk of computing


Did you see this gem the other day?

https://news.ycombinator.com/item?id=29668260

I'm still not convinced it wasn't a troll thread. It's like it's either a troll, or a coding academy class just graduated alongside a bunch of self-starters that made "coding" their pandemic project, where some popular TikTok content creator must be telling people to hang out on hackernews.


Okay, I know I might be breaking some kind of HN rule here, but I'm super genuinely curious as to why the downvotes here. Seriously. Is it "because people already know and I'm being condescending?" Is it "No, they shouldn't do this and instead allow the code to be censored?" Where are y'all going with this?


> Don't want to be (too) condescending

was what did it for me. basically claiming superiority prior to any actual engagement/discussion.


:) Fair.


I think it is also fair to expect them to know it without such reminders.


You can fork and detach. Then it is no longer linked.


> You can fork and detach.

I wonder if GitHub will volunteer your detached fork for an experiment in touching hard drives with magnets


An IPFS Mirror of all the repos of the GitHub account.

https://cloudflare-ipfs.com/ipfs/QmWPo4VqWwrdU3A7fm9Ze3Qm31D...

For example:

```
git clone http://cloudflare-ipfs.com/ipfs/QmWPo4VqWwrdU3A7fm9Ze3Qm31DH...
```

To pin and help seed on your local IPFS node

```
ipfs pin add /ipfs/QmWPo4VqWwrdU3A7fm9Ze3Qm31DHBz4bZPNeFPojS8huSg
```

Cloudflare IPFS can be replaced with other ipfs nodes like dweb.link or your local one.


Can we just stop the shitshow with DRM? I have NEVER encountered a TV show/movie that I couldn't rip using a torrent either on public p2p sites or a private tracker.

But I have seen a lot of my non-technical friends and family having a degraded experience, who pay for their streaming services every month. It was either because they were using a browser or device which was deemed unworthy of full quality streaming by the mighty DRM authors. And now the poor users of the TB-X505X will also have a degraded experience.


Yeah, I don't know in what world DRM is supposed to stop people ripping stuff, it only seems to hurt paying users, ultimately if it comes out of a screen you can always capture the output, no amount of DRM will ever prevent this so why bother <insert conspiracy vs Hanlon's razor theories here> .

The irony is that as a Linux user (only SD for us), and a user with poor internet and thus shitty streaming speed, DRM pushes me towards torrenting everything I "buy" from these platforms anyway, just for the privilege of being able to watch what I'm paying for without being a blurry over-compressed mess, without having my device rooted by a third party, and not needing to be blessed with a consistent high speed internet connection.

I've said it before, torrenting today is as good as the experience of buying music on a physical medium in the 90s... you bought it, took it home, and played it in full quality uninterrupted, END OF STORY. streaming services still haven't matched this experience.


The "paying users" is exactly the group that DRM is designed to hurt (control). There is a large class of users that won't mess with torrents or whatever for a number of reasons. Ones that apply to me are 1) I don't want my internet service cut if the ISP gets a complaint, 2) Yes, I know I can use a VPN service to get around (1), but then I'd have to find a trusted VPN and there have been ones in the past that were outed as honey pots. 3) You have to be part of the "scene" to work around (1) and (2). 4) I have some disposable income, so at this point in my life I don't feel a "sting" by paying 5 - 7 bucks a month for a streaming service. I'm sure that for other people, lack of familiarity with how to get content through unauthorized means.

Now for the control that they want over users like me. If I could easily do it, I'd subscribe to one service, grab a bunch of content to watch later, then unsubscribe a month later and go to the next service in line. Also they want to control how I use the media, such as watching offline (by using the "download to watch later" button they provide, they can ensure that I don't download it to all my friends' devices, and that I still am a paying customer at the time I decide to watch later).


They could achieve the same chilling effect on the "I'll just download it by using a chrome extension" crowd by having a simple convoluted scheme in the way they retrieve the data. It isn't unseen, downloading them in chunks even is sufficient to throw these people off. Simple xor with a dynamic key with the decoding work done in WASM for more obscurity to throw the common downloader and reverser off would have the same effect without the intrusion into my computing device.

But it is what it is really. Not really disagreeing with you.


> torrenting today is as good as the experience of buying music on a physical medium in the 90s

You meant to say "it's much better than buying experience has ever been". You throw an RSS feed into your torrent client once and get desktop or email notifications when a new episode is downloaded and ready to play. If there's enough disk space, you can add whole categories in there and have hundreds of shows available locally at any time.


This is not a good experience. I cannot order a box like an Apple TV and just hook it up to my new TV and go. It’s never as easy as anyone says it is, there’s always more steps involved than logging into iTunes and/or subscribing to some service with my credit card. Plus there’s always the chance of a lawsuit hanging over my head.


For a tech illiterate person maybe. Using `docker-compose up` to start a preconfigured sonarr, radarr, transmission with VPN, Plex or jellyfin is almost all you need. The only addition is getting a VPN service such as mullvad... If that's too involved for a software developer I'd call that person pretty incompetent, honestly.


This is exactly my point. I can do all these things. They’re the last thing I would ever want to do in my living room. This is analogous to the PC gamer master race thing. I have gaming PCs. I have consoles. The consoles are by far the better experience. They always will be. It’s the difference between “it just works” and “just have to”. You just have to do this, then that, and that… and then it’s just as good … oh until this or that update breaks the entire stack, or some weird quirk of the hardware or its OS kicks in and you’re in jank city when you really just wanted an elegant solution.


You got downvoted but once setup it really is easy. We have a little VM with deluge and a VPN. Couple little IPTables rules ensure it can’t even route traffic except over the VPN interface or the one VPN endpoint, making sure no traffic leaks. I’m more worried I’ll stub my toe and it will hurt than my traffic leaks. I showed my wife how to use it, no problem. Sketchy browsing happens with Guacamole and a browser in a (separate) VM that wipes itself every few days.


It's not a question of competence, it's just a drag...like the construction expert who procrastinates minor home repairs. I'll stay up all night teasing secrets out of locked boxes but when it comes to entertainment I lose interest after about 30 seconds so I just don't bother to pirate stuff unless I find a torrent in the first 30 seconds. I could just be reading a book instead.


> using `docker-compose up` to start a preconfigured sonarr, radarr, transmission with VPN , Plex or jellyfin is almost all you need.

That "almost all you need," is exactly why I'd rather just plug in an Apple TV. I'm not technically incompetent, I just have better things to do with my time.


Jellyfin's Syncplay and Roku app work as well, making group video watching easy


I have an Android TV and streaming subscriptions. If I want to stream something I have to find out what service carries it, open the right app, and attempt to type the title with the arrow keys on the remote. For me, it's much easier to torrent.


Or, you get a small server and download a package... with a little finagling, you have a service that will catalog shows and movies you want to watch, download them, sort them and push them to your own private "netflix" server ala Plex.

https://github.com/sebgl/htpc-download-box

put it behind a VPN (included) and bam... all your stuff, globally gotten and none of the BS with "Wildvine" and its ilk.


>with a little finagling

This is the part that you're wildly underselling, and missing the whole point by doing so. Netflix is just a better UX for anyone that doesn't make a hobby out of tinkering with tech


Plex is pretty damn good. If netflix is "better", it's marginally so.

There is learning with the above... docker to start and NZB/Torrenting... server management...

If you know those things already? or are close? great learning experience (my case).

is it worth ~$14/month for Netflix? Prime? Disney+? HBO Max? etc? maybe... but at a certain point the 'nickel and dime' gets to a point to where learning how to do the above becomes more worth it.

You don't need an expensive computer/server to do all this... just time and a desire to learn. once done? you control your own library and no need to worry about losing your content if you stop the monthly payments.


Streaming used to be pretty good, when Netflix was basically the only one (with most content), but it's so fragmented now, that you need so many subscriptions that it's not cheap, and pretty annoying flipping between apps to find the show/movie you want to watch, then to find it expired last week, and you have to find out who still streams it.


I mean, don't get me wrong... streaming is still pretty good. Fragmentation of content aside, there's more good content than there's ever been. So I'm not a 100% doom and gloomer...

but...

Getting that content has the "provider" problem. As you say, whack'a'mole to get the movie you want.

People always bitched that "Cable is horrible! Why do I have to pay for 400 channels to get the 3 I watch!". And here we are... able to pay for "Ala'Carte" and it's exactly what everyone wanted - and expected: Paying more for each bucket. Instead of $100 (or whatever a full cable plan is)... you're paying $75 for internet, $15 for netflix, $10 for prime (or whatever it amortizes yearly), disney+, hbo max, Discovery+, etc, etc, etc.

Finding the EXACT movie you want is a hassle... and that hassle is what drives me to Plex. Radarr/Sonarr/NZB/etc all roll together to make a massively good platform that, learning aside, hands all the power back. I do have to pay for some stuff (NZB, Plex, internet, time learning, etc) but it's my time and worth it.


Plus, it's free.


> no amount of DRM will ever prevent this so why bother

There is a possible reason: insurance.

Once insurers are involved it drives behaviours in media production that may at first not appear to make sense -- protecting content in its various forms leads into technical constraints however it can just as easily lead into "theatre".


DRM is doing what it is supposed to, and that is to stop common theft.

It's a lock on a door. 99% people can get past the lock if they really wanted to, but it takes time, effort, there are consequences.

If there is no lock, then 99% of people would just 'walk right through' the door.

Without DRM systems (including the legal framework) then the instant 'Spiderman' was released, it would be on S3 for the world to share for free. (Which some would like, others not so much, but there definitely wouldn't be another Spiderman).

So if you really want to try, take some risks, ask around, you can get it for free, but most people won't bother so they just pay.

" streaming services still haven't matched this experience. "

I don't know what you mean: people can flick on their TVs and stream whatever Disney or Netflix and that's that. I can't even recall the last time Netflix didn't work for me.

If you mean to say you can 'torrent anything you want' - well - yes, but that's another issue.


> ultimately if it comes out of a screen you can always capture the output, no amount of DRM will ever prevent this

I think that the end goal for the media companies is to add watermarking to all media and require watermark detection on all video-recording equipment, to include cameras. This would be terribly bad, but I think it is technically possible.


A practical problem DRM will always have is that the full DRM chain that tries to include everything in the path down to the cables, that involves too many actors not to break. Keys will inevitably leak left and right, and you'll always be able to find some sort of cable and capture card setup that ignores DRM.

About the watermark scheme, if it was standardized for inclusion in any video-recording equipment, then the standard would leak and people would learn how to neuter it. Or people would flash their camera's firmware to patch out the detection code.

There's simply too many places where the scheme cannot be secure, by design. It's hard to stop finding weak points in the DRM scheme.


once the bits are in your bus, you own them, as in physically have them, it becomes a matter of time and effort for you to access them in a humanly enjoyable manner.

it is possible to re engineer digital electronics with a little ribbon cable, an exacto knife, and a fine soldering hand.

the decrypted bitstream doesn't have to go to a display buffer it could go to memory instead.

that is where i see DRM failing to stop 100% of the leak, and is powerless to do so, as long as people can still understand, and manipulate low-level hardware and firmware


I can't wait to implement WideVine DRM chip on my brain


signed video cameras are coming to counteract the incoming tidalwave of AI generated misinformation. The 2024 US election will have swaths of AI generated videos. It will be a mess and I will continue to be longing for the simple days. I.e. dumb cameras/dumb game consoles/dumb tvs/dumb appliances etc.


Sell them some easily defeatable “solution”. Use lots of buzz words. They’ll buy it!

They’ve been buying dreams long enough, may as well be the one that sells it to them.


How do you carry it around?

The torrenting experience IMO is still fairly limited compared to either the BluRay experience for "max quality" viewing at home (but with easy portability of the disc too) or the "play it anywhere you're logged in without being tied to a particular device or hard drive" experience of streaming. When it comes to movies, you can often get both of those with a single purchase, too!


BlueRay sucks for portability they're quite fragile needing a case of some sort, you p need a player, and you quickly get to the point of having multiple CD cases worth of disks. Compared to the disks USB drives win, if you're talking a player you might as well just take a tablet or laptop with multiple movies, and external drives hold as many movies as those CD cases while being far more convenient.

As far as I am concerned BlueRay loses on all fronts.


Any of a number of apps can serve your music/TV/Movie collection off your home network to the internet and stream it to your phone or other devices in real time. Plex. SubSonic. MediaPortal. Kodi. Etc.


For capturing, HDCP is also a DRM (but now broken). Even Cinavia exists for recording by camera.


You're mixing terms up, you don't rip using a torrent or any other p2p protocol. You download things.

You know how Netflix only allows you to stream 1080p in most browsers? That's because they don't support the DRMs content providers use for high-res content.

You'll see webrips all the time with 1080p because someone can just record their screen and call it a day, but the 4k content is harder since the DRM prevents everything on your system from recording it.

Not sure if webrips are screen recordings or actually downloaded copies, but it doesn't really matter.

I have subs for D+ and HBO Max, if they're using DRM I for sure don't notice and don't care about it, I use either the app on my TV or the app on my phone to Chromecast and it's flawless.

While content not on these platforms that I've chosen to subscribe to requires me to go through more hoops to get the same experience.

It's not that the torrent experience is shit, but things like synced subtitles can be hard to find (requirement when watching with most of my friends and family) for example.

I'm part of a quite decent private tracker we'll call "TD" and while I have nothing bad to say about my experience there, I will say the things I pay for work better.


Oh sorry, English is not my native language and I had to rephrase a few times, totally missed that.

>You'll see webrips all the time with 1080p because someone can just record their screen and call it a day.

I've checked my tracker and practically all TV shows from Netflix that are in 4K can be downloaded in 4K. And I am 99% sure they are not screen caps, for example the entire second season of The Witcher was released 17 December at 09:01, and my tracker had it ready to download at 12:26 at 4K with 3 audio tracks and 2 subtitle tracks. The runtime of this season on imdb is about 8 hours, so it would be impossible to screencap, which means they had a bypass for the DRM ready ahead of time.

Of course these are just examples that I made up and I would never enter or use such filthy and illegal websites.

And for the mobile and smart TV experience there is Plex. It even has features which aren't possible with the legitimate services, such as "Watch Together" which allows you to watch stuff with friends over the internet.


All good on the English mate, just had to make sure.

Netflix DRM might indeed be broken (I don't know), but I do get the purpose of it. Now only nerds in nerd communities can do illegal stuff in HQ then.

Plex is great indeed, I might sub to a seedbox with shared account and set it up again some day, though I like the thought of using Jellyfin since it's open source.

D+ supports group watch.

I mean, if something is available on a streaming service the experience is good, but torrenting doesn't have to be as bad as it is for me (I don't run servers at home, and I don't want "server software" on my desktop either really).

I just think we shouldn't complain that those who distribute content want to protect it, even if the protection is subpar.


> D+ supports group watch.

Even when the paid service supports it, they can add complications. For example, Amazon Prime group watch doesn't work between my Irish subscription and my friend's UK subscription even when the media is available in both regions.


Does group watch work across plex servers?

I can see why they don't cover this edge case if I'm to be entirely honest.


My experience is with jellyfin, but without the complexities of cross region licensing + DRM, there's nothing forcing people in different areas to not use the same server


I mean I figured this would be the answer. But do you think it'd be that easy for someone that really wants to make this work? There are lawyers all over the place with or without DRM. The people who make the content don't want it to be spread across regions the "deliverer" didn't pay for, and then implementing this niche feature isn't worth it for the shows that exist cross region.

What I'm saying is: People want to get paid, and if people don't get paid content doesn't get made. I don't like how this works either, but we must also understand that it's complex for that exact reason: Money.

I'm not saying you're stealing since you're not taking anything from someone (Stealing a bike leaves one less left) but you're also not paying for something someone made for paying customers. As long as we have country borders this will be a problem only overcome by people who feel above the law and copy content illegally.


If we take cars as an example however:

Toyota sells the right to be the exclusive Toyota dealer for my area (city in this case, sometimes smaller or larger areas depending on population) to Joe the Car Dealer. I'm sure Toyota would love if I couldn't get a used Toyota from elsewhere and bring it to my city, as it increases the value of what they're selling to Joe the Car Dealer.

But legally Toyota (and Joe the Car Dealer) can suck it, they can't make it a term of buying a car that I don't bring it cross region, or even that I don't import it from another country entirely (where they may set prices lower as an attempt to maximise marginal revenue from people of different incomes).

I feel media should work more like cars here. Indeed it did, in the past. Disney couldn't stop me buying DVDs from Eastern Europe, nor could they shut someone down for selling region free DVD players - the most they could do is have the DVD forum not provide DVD standard documentation and licensing stickers to the manufacturers.


I disagree with the comparison, with physical goods there's effort involved in doing all these things, meaning most people won't do it and you still have to purchase the new unit from Toyota (unless someone manufactures a "perfect" replica).

With bits and bytes on the internet there's no effort involved.

I hate the state of media consumption, but it makes sense from a seller's perspective more than a consumer perspective indeed.


Nope, but it's not a problem since a friend can use his account to log in to your server.


> It's not that the torrent experience is shit, but things like synced subtitles can be hard to find (requirement when watching with most of my friends and family) for example.

Try out subdl[1]. It can work out the correct subtitles to download (based on a hash of the movie file apparently) and usually works well for me. I used to do this process manually but since trying out this tool I've been able to rely on it >95% of the time.

Don't assume the subtitles provided by the paid service are good quality. I've on a few occasions been unsatisfied by the subtitles provided by Netflix, and checked out subtitles from other unofficial sources to find these are much better. This is especially true for foreign language subtitles--the translations Netflix has are really poor quality for some shows and much better ones can be found elsewhere. One excellent example of this is the German show 'The Same Sky' which has terrible English subtitles that actually make the show unwatchable. The only consistently good thing about Netflix subtitles is that the timing is more or less correct.

Not sure about other streaming services as I don't generally use the others much.

[1]: https://github.com/alexanderwink/subdl


It's astonishing how bad Netflix subtitles can be. Random example: the music during the intro of the show Suits is Ima Robot - Greenback Boogie. The English Netflix subtitles show the lyrics for the song, but they are obviously incorrect. Weirder is that they are incorrect in a different way every single season. Seemingly the subtitles were created by a different person every season, each of them starting from scratch, each of them having trouble understanding perfectly clear sentences, and nobody bothered to check anyone's work.

Somehow the pirates get it right from the beginning, and consistently across all seasons.


Recently tried to play a streaming service film on a second screen from my phone, but it wasn't allowed. This makes no sense given that I can do it from my PC in the browser client. But then the PC isn't allowed to download video from the streaming service for offline viewing, while the mobile client is. When I travel, I'm often not allowed to view shows that I watch in my home country on the streaming service, even though I'm using my own account on the same machine.

On top of all that, I worry that at some point one of the major services will arbitrarily cut off my access and any media I've 'purchased' will be lost. In the old days, your household insurance would pay to replace DVDs stolen or lost to a fire. I doubt that household insurance these days covers loss of access to google or amazon prime video, but the monetary value of these libraries could be enormous.

It's all stupid. The big media companies killed the companies offering 'dvd locker' type streaming services, where you legitimately bought and owned the DVDs, but the company allowed you to stream them over the internet. That would have been a nice way of doing it.

I find our descent into a culture where nobody owns anything but everything costs as much or more for temporary access as it did for ownership disappointing. Even people whose ideology praises property rights above almost all else don't seem to mind that they actually have those rights in fewer and fewer things of consequence.


> This makes no sense given that I can do it from my PC in the browser client.

> But then the PC isn't allowed to download video from the streaming service for offline viewing, while the mobile client is.

I believe that's why the restriction exists.


Whatever the reason it results in a bad disjointed experience for the user.

Besides I can't work out a way that the restriction makes sense. The app knows that I'm streaming this film not playing it from download, so restricting what I can do based on the fact that I could have downloaded it but didn't would be really weird.


If the app supports offline playing, you can download on multiple devices and set them offline, then you can play videos on more devices than the service/content provider wants to allow (though offline playback would expire within dozens of days). So they want to enforce the max devices limit only for the app. Whether the limitation is meaningful for abuse is a different story.


Case in point: I can't listen to Spotify on my laptop if I've got my external monitors plugged in via USB-C. Not a problem with MP3s of course.


I've never had this issue. Spotify (on Mac) uses the computer's sound output setting (laptop speakers or monitor), unless you choose another destination with the Spotify 'device' option.


Presumably there's something incompatible with how the Spotify client plays audio and how his system handles audio playback. His point still stands though - with MP3s he can use an alternative player, with Spotify he can't.


I use an ncurses Spotify client (I forget what) or a web browser to listen on my computer (normally I do it on the phone and airplay to the required speakers). Never had an issue.


My problem with Spotify isn't the DRM, since I use it mostly to play either background music or find different things to listen to--like I used to use satellite radio. The problem with Spotify is that the artists (for the most part) get so little while providing the content.


> The problem with Spotify is that the artists (for the most part) get so little while providing the content.

That's because there is too much supply of music. Attention is the scarce thing today.


You can use the web client which uses the browser's audio interfacing.


Might be because I use the web client? To be honest I haven't put any time trying to get it to work as I've got a simmering resentment about having to waste my time on things like this! On the plus side I've built up a good playlist on SoundCloud.


It's such a chain - even if a distributor didn't want to use DRM, the buck will stop with a lawyer for the content owners whose job it is to do everything in their power to make sure their clients get paid for the content. Why would one of those make it easier to pirate?

Corporate drone logic man.


Because they can sell more views if paying customers are happy.

I refuse to pay for Netflix because even if paid I wouldn't be able to watch the content (including Netflix originals where the "rightsholders don't allow it" argument doesn't make much sense) in reasonable quality.

Meanwhile, people can watch it from an unlicensed source without paying (legality varies by country but generally low risk for users), and as long as adblock works, the experience really isn't much worse than with Netflix.


I'm all against DRMs but the friction nowadays is, if you stick to one platform, almost zero, way less than your average pirated experience. Now, if we talk about platforms balkanization and how you have to shell out 50€-$/month if you want to enjoy just the best content from major platforms, that's another topic.


The pirated sites are often streaming sites similar to Netflix. Search for a movie, click play. Quality of service does vary, but the catalogue tends to be much bigger.

As you pointed out, "sticking to one platform" isn't an option because the platform most likely won't have the content you're actually looking for. So step 1 is figuring out which platform that is. Step 2 is probably logging in if you don't keep persistent cookies, and that assumes you're subscribed. By this time your movie is already playing if you take the "alternative" approach.

Even if you didn't mind shelling out 50 EUR/month + whatever extra per-movie surcharges Disney+ charges, the balkanization would still cause significant friction.


I agree it’s really cheap. I know people spending three times that for some cable tv service which comes with adverts in the middle of programs!

At some point streaming will devolve to that, and it will be back to torrenting as the content providers kill the goose that lays the golden egg


You're mixing up things. DRM's goal is not to prevent copies, its goal is to give media producers control over the distributors.


Care to elaborate? What are they gaining from that?


Giant media conglomerate says to Big distributor:

  - Hi distributor! Do you want to distribute our content? You just have to make sure players will have this list of anti-features.

Big distributor says to manufacturer:

  - Hi manufacturer! Do you want to play the content we distribute? You just have to make sure your TVs will have this list of anti-features.

And here we are.


Yep, like the unskippable ads on legitimate DVDs, where you couldn't be certified if you made a DVD player that let you skip those video files like all the others on the disc, and you couldn't legally make an uncertified player because of the DRM.


Exactly. Like consuming content from another region, having a personal backup copy of content we legally bought, like re-selling content we legally own, like recording and replaying transmission from "terrestrial"/"over the air" TV, like making our own devices capable of playing that content...

These are all rights that (AFAIK, IANAL) we legally have but can't exercise because media producers took the control over distributors of content and devices manufacturers.

We have nothing equivalent to a VHS recorder where we can simply press a button, recording whatever is on TV to a removable media and play it anywhere else! We can't even buy a non-smart (actually calling it smart is dumb) TV for a reasonable price anymore!

Video rental stores are all closed where I live. Media consuming has degraded to before 90's experience.


>We have nothing equivalent to a VHS recorder where we can simply press a button, recording whatever is on TV to a removable media and play it anywhere else! We can't even buy a non-smart (actually calling it smart is dumb) TV for a reasonable price anymore!

To the first part, some of the "antenna to HDMI" boxes let you plug in an SSD, and will let you have a "recording loop" like a DVR, and also let you DVR scheduled shows. If you then take that drive and plug it in to a computer, it will have files that open with VLC/mpv/mplayer/whatever.

And to the second part, I used a large monitor as a TV for a long while, and my primary screen is a projector, both of which are just dumb "bits to nits" devices. The downside is having to have external speakers.


> to the first part, some of the "antenna to HDMI" boxes let you plug in an SSD, and will let you have a "recording loop" like a DVR, and also let you DVR scheduled shows. If you then take that drive and plug it in to a computer, it will have files that open with VLC/mpv/mplayer/whatever.

What you probably will not find is one of these devices with support for Netflix. No big name brand offers this feature. Probably not supporting this feature is required to get permission to support Netflix.

> And to the second part, I used a large monitor as a TV for a long while, and my primary screen is a projector, both of which are just dumb "bits to nits" devices. The downside is having to have external speakers.

Yes. No "integrated" set. TVs now are locked down computers which take as much control away from the owner as possible.


But what are they gaining from that?


Some of it was discussed a few years ago: https://news.ycombinator.com/item?id=7751110


Among other things, they remove competition.


Where and how? Removing competition among distributors? media producers? manufacturers?

The only place where I could see it reduce competition is manufacturers sure, but why would media producers want to reduce competition there?

I think it's media producers refusing to accept they can't stop pirating and manufacturers making use of that to sell them stuff. In the end it's only the manufacturers who make money from DRM.


Remove competition among manufacturers because nobody can legally build and sell a compatible player without the key owner's permission.

Remove competition among distributors because media producers can refuse giving permission to distribute their media without agreeing to whatever terms they impose.

Remove competition among media distributors by creating silos of content where you can't find one or another title. Today, if you want to have reasonable access to media, you'll have to sign more than one stream service; compare this to how you could go to a rental store 15 years ago and choose media from many different producers.


>Remove competition among manufacturers because nobody can legally build and sell a compatible player without the key owner's permission.

And what are media producers gaining from less competition among manufacturers?

>Remove competition among distributors because media producers can refuse giving permission to distribute their media without agreeing to whatever terms they impose.

They don't need DRM for that, copyright is enough. Those who want to distribute legally do follow the terms with or without DRM. Those who don't do distribute illegally with or without DRM.

>Remove competition among media distributors by creating silos of content where you can't find one or another title. Today, if you want to have reasonable access to media, you'll have to sign more than one stream service; compare this to how you could go to a rental store 15 years ago and choose media from many different producers.

15 years ago DRM was already a thing (albeit badly implemented) and it's really not DRM that killed rental stores. The internet did. Exclusive contracts are what's killing competition among media distributors.


>>Remove competition among manufacturers because nobody can legally build and sell a compatible player without the key owner's permission.

>And what are media producers gaining from less competition among manufacturers?

It becomes much easier to impose restrictions on customers. These restrictions end up forcing the customer to pay more or more than once for content.

>>Remove competition among distributors because media producers can refuse giving permission to distribute their media without agreeing to whatever terms they impose.

>They don't need DRM for that, copyright is enough.

Right, but copyright law doesn't prevent me from owning backup copies of content I bought, copyright law doesn't force me to pay periodically to have the right to listen to something, copyright law doesn't force me to watch a content using certified devices only, copyright law doesn't prevent me from legally creating and selling a player for a content... DRM does.

>>Remove competition among media distributors by creating silos of content where you can't find one or another title. Today, if you want to have reasonable access to media, you'll have to sign more than one stream service; compare this to how you could go to a rental store 15 years ago and choose media from many different producers.

>15 years ago DRM was already a thing (albeit badly implemented) and it's really not DRM that killed rental stores. The internet did. Exclusive contracts are what's killing competition among media distributors.

DRM makes it much easier for silos to thrive. For example, I can not re-sell, I can not rent, I can not watch on a non-certified device, I can not use it on a device which has all required anti-features to be allowed to play a specific content.


I think you have something here.

If DRM is at least stifling competition, that's antitrust brewing up.


I'm assuming the commenter you replied to is talking about the fact legitimate distributors usually follow the law. They're going to pay the large sums of money instead of breaking the DRM.


But they would be paying the same money without the DRM too; they're paying to be legitimate, regardless of whether the DRM is there.


> But I have seen a lot of my non-technical friends and family having a degraded experience, who pay for their streaming services every month.

That's a feature, not a bug, from the perspective of those pushing DRM and other access/consumption controls onto consumers.

How many times will someone buy the same content just to find the best combination across all their services and devices to fit their current arrangement? A hell of a lot more than if they just bought a universally playable instance of maximum quality that never gave a poor experience in any viewing context.

It's an ugly, exploitive rent-seeking form of "worse is better".


We really need real, ownable media. While I understand that even "owning" a disc 20 years ago was considered a license and not ownership, let's call it what it is for these intents and purposes here. I want to own my music, I want to own my movies and I do NOT want to essentially rent them and have them revokable. Same goes with games. I'll continue to pirate the videos and music as I see fit and continue to play emulated N64, PSX, etc games that are full copies of unchanging code. I don't want my collections to need an internet connection. The cloud is a fad that needs to die. I know many here like cloud, but it's a trap. Anyway, just my thoughts. I'll check out these tools if they're still up on the 'hub.


Sounds like an NFT project


> Hi! My name is WVDUMP. I am Leaking the CDM to burn it & punish few idiots that think themselves as dicord lords :smile:

Why do so many people doing illegal/shady shit online use Discord? You might as well be using Facebook at the point.


They use Discord for illegal stuff because they already use it for tons of other things. Sure it's a bad idea, but they don't care (and with all honesty, Discord support doesn't seem to either).


Discord - a lack of agreement or harmony

Synonyms for discord

conflict, disaccord, discordance, discordancy, disharmony, dissension (also dissention), dissent, dissidence, dissonance, disunion, disunity, division, friction, infighting, inharmony, schism, strife, variance, war, warfare

Seems pretty fitting? :)


Before Discord they were using IRC which was printing your IP address (or reverse DNS) when joining a channel.


The IRC networks I used did not block VMs and rented servers from proxying my connection or using an IRC client from a tmux/screen session. Back then I could use Visa gift cards to rent machines. That is harder to do now.

Discord in most cases will prevent people from doing this. Most people should be ready to click all the crosswalks, buses, traffic lights forever in a loop.


At least with IRC you can use a VPN and self host a server.

Discord can, and is highly incentivized to, identify and track you across the internet.

Idk if they do this, but it shouldn’t be that hard in this day and age to build a profile on users based on messages and activity. That can be cross referenced with other sources of data to identify you, especially if it’s done manually by like an FBI agent or whatever.


IIRC quite a few botnets used to use public IRC channels as C2 servers (also a pretty bad idea).


> You might as well be using Facebook at the point.

There is a lot of illegal activity being organized on Facebook too. Especially in non-English. In the short term and at scale, that is as good as encryption.


They're also authoritarian and poisonously woke.


A pile of .exes and compiled python code like this, especially with such a targeted audience, seems like a great vector to potentially own a lot of people's boxes.


This was my first thought as well, but not everything is in compiled form. For example see `bad34.py` in the Paramount-Plus-4k-Downloader repository.


I just want to control the viewing experience, not hoard warez.

Effortless rewind, skip filler (car chases, sex), play at x1.25 speed, etc.

aka the "Blu-Ray experience".

If that means I gotta bypass the DRM and download, so be it.

--

Some shows have my complete rapt attention. I'll keenly watch (and rewatch) every single frame. Like Netflix's Maniac. OMG. So frikkin good. (So many other examples.)

Other shows, especially rewatching a series, I just want to focus on the character development, dialog, and plot points.


> aka the "Blu-Ray experience"

Have you actually used blu-ray or are you thinking about DVDs (and Blu-rays are a natural evolution in your mind?)

Because, honestly, Blu-rays are atrocious.

Every so often I actually buy a BluRay, not only to support the work but also because in the case of losing internet (but not power) I'd like to watch a small selection of carefully curated movies.

I was in such a position 2 years ago, I had moved home and the internet had not yet been installed.

Did you know that in order to play blurays on the Playstation 4 (a Sony product, where Sony is also the maker of the BluRay spec and it was even a Sony movie!) that the device must be connected to the internet to play blurays?? I didn't.. that was a shock.

So I took to Linux, which... just couldn't play it...

Why?

The DRM keys could not be installed along with VLC (or something), after googling for half a day on my phone's 4G to figure it out I ended up not significantly wiser and realised I'd been hoarding a bunch of useless plastic.


Thanks for the heads-up about ps4 bluray playing. Apparently (assuming reddit posts to be correct) the internet requirement is a one-time thing where it downloads codecs, and Sony is supposedly doing it this way so they only pay the codec licensing fee for ps4s whose owners ever actually play a bluray rather than for every ps4 ever shipped. So I'll make sure to do a test bluray play and then fingers crossed if I want to watch something in future when the internet is out it will work...


Memory isn't quite what it used to be, but if I recall, this was also the case with the Sony PSP, Vita, PS3 and XBOX 360. They all required a separate activation step for playback of specific licensed codecs (I believe it was both MPEG2 and h264, varying with system).

Unfortunate that a pretty basic piece of functionality is forever lost once the activation servers are taken down.


Then half a day's time could've been saved by having the PS4 briefly connected to the internet via 4G.


Want something worse? Blu-ray constantly changes the keys as they get cracked/over time. If you don't have new keys you can't play new discs. Our first Blu-ray player stopped getting firmware updates and so stopped getting new codes. Became basically junk as who wants a Blu-ray player where it only can play films released pre-2012?


That's probably why the PS4 needs internet, fresh keys/updates fetched when launching the disk.


Good News! Look into makemkv and the associated forums. There are a couple of Blu-ray drives that can have their firmware modified to strip the DRM from the discs and give you clean files you can then play in VLC, MakeMKV or any other player. It gets even better! The software strips DRM but then also bundles the subtitles, all audio tracks, all different angles and everything else into a single file so that you just double click and the movie starts. It's the best of all worlds. Yeah you might have to buy a Blu-ray drive and man are these files large (35-100GB) but I think it's worth it so I can banish these discs back into my closet where I will never have to deal with their restrictions again!


Busted. I conflated the two. Apart from the FBI warning and goofy one-off menus, I mostly loved DVDs.


I have the best possible experience by ripping my own Blu-Rays into my own Plex server, including all the languages, subtitles and commentaries. Easy to use, kids-friendly (no dirty fingers on discs), playable from anywhere, including offline with synced copies, and I don't pay a monthly fee to watch the content I already paid for.

I wouldn't go back to subscription-based services, even if that means I have to wait for a disc release. At least there's a market for used Blu-Rays so I don't have to pay a fortune.


Do you have a guide for doing this?

I think I killed my bluray drive but I'd consider buying another one if I can rip decent enough quality movies from them.


Use MakeMKV to pull an MKV off the disc, then use Handbrake to compress it to a reasonable size. Relatively easy, just takes a bit.


You can skip the MakeMKV part and directly encode through Handbrake if you add the required libraries (libaacs, libbdplus) in your Handbrake install directory and grab decryption key database (which I won't link here). You can do the same with commercial DVDs and the libdvdcss library.

Then it's just a matter of opening the disc directly in Handbrake.


I've found MakeMKV to be much more reliable than Handbrake for ripping.


In my case I could never get MakeMKV to recognize my blu-ray drive, even when running the program with admin privileges.

And why run MakeMKV then run the MKV in HandBrake if I'm going to transcode it to x265 anyway? At this point I'll do both at once.


I use ffmpeg to batch convert ripped files. Decoupling ripping from transcoding is more efficient for me. I can get all the ripping done as fast as possible. Transcoding takes a lot longer.


Assuming it’s 1080p not UHD I’ll often keep the MKV with how cheap storage is.


I _think_ you can rip it to a 4K UHD mp4 but it's been a while since I've done this. Tricky part is really compatibility, not sure if some of the apps I use to stream from NAS support MKV.


There are a few drives that when modified can rip 4k. It is a pain and the drives are kinda slow but it works.


I thought blu-ray decoding was not possible. I remember long ago the DVD keys were extracted but it became impossible for blu-ray, except with a modified blu-ray disk drive with an older firmware that enabled this.


IIRC they usually roll new master keys periodically, which normally requires a firmware update to get an updated set of model-specific decryption keys, which I believe they can blacklist if the drive is compromised. Feel free to correct me on this, I'm a bit rusty on the matter.

I haven't bought new movies lately, but I've been able to rip all the blu-rays I currently own with my old Blu-Ray drive.


I bought a “cheap” ($100 at the time) USB3 bluray player and it ripped discs fine - even on Linux. I believe MakeMKV has you install the necessary libraries for decrypting.


I think I read (on an Amazon review for a specific LG blu-ray product) that updates to the firmware of new devices happened in 2016 and no longer allowed reading 4K commercial films from that medium. I'd have to try and see how to do it today.


Who the hell skips car chases? What movie had a car chase that you wanted to skip that made that movie more watchable (this sentence applies to the furious films as well, skipping the chase scenes there gives you the dumbest drama of all time).


Car chases are often filler like action scenes in general are filler, IMO.

It's not universally true and depends on how consequential the scenes are. If you could flash "<insert fight scene here where X gets the upper hand>" instead and not miss much, I don't want it.

Movies with top, top notch action and/or better integrated action are exceptions. The original Matrix, John Wick movies, Baby Driver, The Italian Job, Mission Impossible, etc.

Superhero movies are usually not (it feels like they paste the drama and the action together in editing and it's dreadful).

> (this sentence applies to the furious films as well, skipping the chase scenes there gives you the dumbest drama of all time)

Well, yes, and I don't watch those movies :d.

(I don't actually skip these car chases, but I do often zone out.)


Yup. Just depends on the telling.

"There are only two types of music. Good music and bad music." -- Duke Ellington.


It is not the fact they are a car chase but their relevance in the story.

Personally when I rewatch the Back to the Future trilogy, I skip much of the car chasing stuff.


My point is, it’s almost unheard of that a good movie has a boring car chase. Or at the least the movie is a good action movie. If you’re watching Fast 5 or whatever, of course the chase is campy but the entire movie is campy. Why are you watching the movie if not for the chase? The plot?

Even in the Bourne films with ostensibly better story lines, I’m struggling to understand how you’d be interested in watching those movies if you’re actually not interested in watching the chase scenes fully. I often just watch the chase scenes on YouTube to give where I’m coming from. I rented Bullitt and Ronin and watched them just for the chase. So I suppose I’m the opposite.


I skip most of them. This is just my own personal preference but unless someone comes up with a new angle on this they are just boring and repetitive for me personally. The same goes for most fight scenes. I spent many decades watching martial arts films and now find most of the fight scenes to be repetitive. The only recent exceptions to this I can think of are the Bourne series, Kate and the first John Wick film. Prior to those, Kung Fu Hustle because of the mixed in comedy and thousands of movie references. Nothing else really comes to mind that I wouldn't skip.


Check out Atomic Blonde as well (for good fight scenes). There is a certain style of exhaustion about the fights in that film that I really love. I don't skip fight scenes regularly but I do also find most of them boring as hell and hard to watch (primarily because of excessive cutting).


Imagining "Baby Driver" edited this way.


Exceptions to every rule, right? The car chases in Baby Driver are crucial to the story. So good.


As a counter example, I watch Bullitt just for the car chase.


Yes but is not Bullitt the original "car chase" movie?


For a moment I thought The Italian Job (the original one) was first. But you're right, Bullitt is older by a year.

Bullitt was definitely unmatched for a long time.


The "Highway Patrol" TV series of the 1950s was a precursor of the car chase genre, as were some notable film noirs that elevated car pursuits as story lines i.e. High Sierra, White Heat. Agreed that Bullitt is exemplary, but don't forget The French Connection, Duel, Easy Rider, Two Lane Blacktop, and Vanishing Point and you have some great car/bike films of Bullitt's era. The hoaxy C'etait un Rendez-vous is likewise great if you don't do the time/distance math.


But did not also many James Bond movies feature car chases prior to this? Or do their car chases differ perhaps?


Bond films did not exist in the classic film noir era of the 1940s and 50s, but yes they did precede Bullitt and are a good example of films with car chases as major plot devices.


I have sat through some movies just for the car chases.


Fast and Furious 1 was a decent film that I enjoyed. I even have watched more than once.

But the sequels are a different story. Those were unnecessary and absurd.


Meme scenes like "This is Brazil" and "The winner gets me" are icons of absurdity.


I think car chases are really boring, so I would. I also don’t drive, so maybe car chases appeal more to drivers.


Also performance. I have moderately high-end hardware, and Netflix's windows app stutters drawing subtitles.

Using MPC-HC with LAV splitters/decoders is flawless, even with low-end hardware.

And Smooth Video Project is an excellent alternative to $1000+ "smart" TV frame interpolation.

And even with a gigabit symmetric connection, every streaming service's CDN struggles and gives me a low bitrate every few minutes.


You might like vidangel, never used them though.

https://www.vidangel.com/


FYI There is a great chrome extension that allows you to control playback speed, and it works on just about every video site.


On my phone so can't respond fully but if you select the <video> element in chrome and Firefox, you can control the .playbackRate attribute. Extensions can be useful but also abused, this is simple enough to do with a bookmarklet or manually
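The bookmarklet approach mentioned in the comment above, as an added example that is not part of the thread: it sets `playbackRate` on every `<video>` reachable from a document, including open shadow roots and same-origin iframes, without granting an extension any permissions. The function names and the clamping limits are assumptions of this sketch.

```javascript
// Added example: change playback speed through the standard
// HTMLMediaElement.playbackRate property instead of installing an extension.
// setVideoSpeed, collectVideos and the MIN/MAX limits are hypothetical names
// and values chosen for this sketch.

const MIN_RATE = 0.25; // assumed conservative lower bound
const MAX_RATE = 4;    // assumed conservative upper bound

// Gather <video> elements under a root (a document or a shadow root).
function collectVideos(root, out = []) {
  for (const v of root.querySelectorAll('video')) out.push(v);

  for (const el of root.querySelectorAll('*')) {
    // Open shadow roots are exposed as el.shadowRoot; closed ones are null.
    if (el.shadowRoot) collectVideos(el.shadowRoot, out);

    if (el.tagName === 'IFRAME') {
      let inner = null;
      try {
        // Same-origin frames expose their document; cross-origin frames
        // do not, and the same-origin policy keeps them out of reach.
        inner = el.contentDocument;
      } catch (e) {
        inner = null;
      }
      if (inner) collectVideos(inner, out);
    }
  }
  return out;
}

// Apply a clamped rate to every reachable video and report what was done.
function setVideoSpeed(doc, rate) {
  const r = Number(rate);
  if (!Number.isFinite(r)) {
    throw new RangeError('rate must be a finite number');
  }
  // A browser may reject a rate it does not support, so clamp first.
  const clamped = Math.min(MAX_RATE, Math.max(MIN_RATE, r));
  const videos = collectVideos(doc);
  for (const v of videos) v.playbackRate = clamped;
  return { rate: clamped, count: videos.length };
}

// In a browser console, or wrapped in a javascript: bookmark:
//   setVideoSpeed(document, 1.5);
```

Players that render inside a cross-origin iframe are not reached; the code has to be run in that frame's own context instead.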


I'm interested. Link? I'll mosdef try it.

For whatever reason, I have to use Firefox to watch Disney+. (Mac Safari will always eventually ABEND. Shouldn't Apple regression test Safari on the Top X most popular sites?!)

As for spotty rewind, like with Netflix, another comment might have the explanation (root cause); streams are broken into individually encrypted chunks. So of course there's lag (latency) when jumping around the timeline.


This is the one that I use to control video speed pretty much anywhere (works on any Chromium based browsers): [Video Speed Controller](https://chrome.google.com/webstore/detail/video-speed-contro...)


Similar extensions exist for Firefox as well.


I don't care about downloading anything. Does it allow me to watch netflix without the need of proprietary software?


I don't care about downloading anything either. Does it allow me to watch Netflix at the resolution I pay them for?


source available software can still be proprietary


Can't ffmpeg/gstreamer/whatever just use the keys?


It seems to use ffmpeg and aria2. :-)

So the repo is a bit like youtube-dl in that it puts the pieces together and finds the right links.

https://github.com/widevinedump/WV-AMZN-4K-RIPPER/tree/main/...


For a while, there were HDMI splitters for sale on Amazon that would effectively strip out HDCP 2.2. I haven't checked in a while, but I bet that's still the case.

It seems like these DRM efforts are futile, but then I remember that it's really just about keeping piracy outside of the grasp of "common folks". They will never be able to stop piracy if someone is determined enough.


Really? HDCP 2.2? I'm not aware of any of those except for the HDFury products with a custom firmware.

Any links to examples? Are you sure you're thinking 2.2 and not 1.4?


Yep, I'm positive that it's HDCP 2.2, but I don't think I should post a link here for obvious reasons. I also don't remember which one it was, but it was a switch capable of 4k60 (HDMI 2.0).

There was a forum where a guy had some sort of HDMI analyzer on both ends and confirmed it.



I don’t know why but for some reason I was hopeful to see unit tests in any of the repos. Searching “test” for that user doesn’t reveal any tests. :(

Even the digital property liberators/internet pirates don’t test their software. I feel like I’m on an island with a small population of test enthusiasts.


There's no point I guess, this kind of thing does not work for very long anyway. Because it gets blocked server side once it's out.

It's more like a proof of concept than production code.


In this case, not so much, they block individual CDMs as they get leaked, but if you dump your own or find/purchase a non-public one, you're off to the races. They don't change the basic software APIs or crypto occurring.

However when it comes to something like this, it pretty much works or it doesn't and it'll be obvious one way or another when you run it. Writing unit tests for that is probably of limited value.


>Even the digital property liberators/internet pirates don’t test their software.

The lack of automated tests doesn't mean they don't test their software.


You’re right I should be more clear. I was more interested in automated test rather than manual/exploratory testing. Thanks for the opportunity to clarify my comment.


What's the best place to get started with testing? As a newbie brogrammer it's intimidating enough writing software that works, let alone suites to comprehensively test it. Is there a testing 'bible'?


You'll fare much better in today's software industry climate if you don't use the word brogrammer


I cannot recommend a book or an article, but just wanted to give an idea: automated testing is when you make a script do what a human tester would do. So maybe you should read about testing software in general. How test planning is done, how do you choose test cases.

You start with listing requirements (what a program/a class/a function is expected to do or not to do) and then write tests that verify that it is indeed so.

The easiest thing is writing unit tests. Pick a function, define requirements and write a test for every requirement. If your code is not very modular and it is difficult to isolate a class or a function in order to test it, then maybe you should refactor the code first.


Build systems that break, the tests come naturally after that.


There are many deeply held beliefs that people have about testing, so I recommend reading many different takes on how to structure your testing approach. For the pragmatic python programmer, Brian's book is quite good as a starting place:

https://pragprog.com/titles/bopytest/python-testing-with-pyt...


>Even the digital property liberators/internet pirates don’t test their software. I feel like I’m on an island with a small population of test enthusiasts.

Ultimately, what's the point. The tool either works, or it doesn't. Then you patch what doesn't work so it does work.

Heck even the Linux kernel isn't tested.

Unit tests are so management can have a good metric to sell code quality. I don't know any time unit testing has actually benefited shipping faster (which really is the only bottom line those above you care about)


> Heck even the Linux kernel isn't tested.

Linux kernel self-tests:

https://kselftest.wiki.kernel.org/

Kselftest is run everyday on several Linux kernel trees on the 0-Day and Linaro Test Farm and other Linux kernel integration test rings.

Most recent update to the source code was yesterday 2021-12-26:

https://patchwork.kernel.org/project/linux-kselftest/list/


> I don't know any time unit testing has actually benefited shipping faster

There's a lot of empirical research about this. A. Lot. Starting in the 80's, even. It's as close as it gets to empirically proven that software testing greatly reduces bugs and regressions, and accelerates delivery over the long term. It's not as clear if the acceleration is entirely freed up resources that would otherwise be spent fixing bugs, or if it also makes people develop faster. Also, it's pretty clear that Automated testing doesn't accelerate short or short term projects.


> I don't know any time unit testing has actually benefited shipping faster

It's of huge benefit to me when I have to make a small tweak (fix a bug, or add a new specific corner case) into an existing codebase that I didn't write and don't know very well. Being able to make a small change and being confident that it will not send everything burning in hell.


This, and any code base of significant size is unknowable and starts to produce bugs naturally. Requiring tests and verifying minimum coverage are a few things you can do to control the death spiral.

I have worked on large systems devoid of tests. Not recommended. I literally witnessed multi-million dollar losses that would have been prevented by requiring tests.


> Heck even the Linux kernel isn't tested.

Apart from the Linux Test Project [0], run by all the big Linux names, who regularly issue very detailed bug reports and usually patches as well, you mean?

[0] https://linux-test-project.github.io/


My experience: running a unit test is much faster than a manual test.

While developing a feature or fixing a bug, it speeds you up overall, in spite of the initial investment in writing the test.

As a bonus, you can keep them running permanently, to prevent new bugs or regressions.


And the test covers much less surface area than most manual tests.

For code that's expected to be stable for a LONG time - sure, write lots of good tests.

For code that breaks at someone else's whim, which has a small shelf life, or which has a large surface area, think really, really hard about whether the test is actually going to be worth it.


but linux kernel is covered by tests. Not 100%, not all the subsystems, but there are automated tests nevertheless (introduced by Greg K-H, AFAIR)


Why isn’t the kernel tested? Too close to the hardware to be practical?


I've often wondered how easy it would be for people in the scene to rip Netflix or others streaming content. Isn't it as simple as getting the URL of the video player element in the browser and using cURL or wget?


It is, but the resulting files are encrypted. Hence this post being about exposing CDMs (Content Decryption Modules). These use decryption keys obtained through hacking or paying internal staff. Once the decryption keys are exposed like this then the content providers 'burn' them and generate new ones meaning the process has to start over again.


I assume at some point Widevine plugin decrypts these files to display the actual video stream in the browser, correct? Why don't they capture already decrypted stream?


You are technically correct. The stupid thing about DRM is that the player has to download the decryption keys into the RAM of the player. All these players do is try to obfuscate the keys so they can't be accessed very easily. When you see these proper rips out there they are being done by groups who extracted a decryption key from the player and used that to unencrypt the stream.

DRM is dumb. I used to work on DRM. It was dumb then, it's dumb now.


My thought is that the decryption and decompression are interlinked.

So while it’s relatively easy to get the raw stream, if you want to re-distribute it, you’ll have to compress it again.

With these leaks, you can get the compressed and decrypted files and re-distribute without any added compression loss.

Maybe I’m wrong, but it’s the only thing that makes sense to me.


That's why they now embed displays with verification modules. Basically whole stack from server to your display is a giant chain verifying you are not doing what they don't want you to do.


Though often they get it wrong, like when I bought a movie off Apple and it errored when I screen mirrored to my dumb TV and it’s back to piracy first for me.


Your dumb TV doesn't have the appropriate HDCP chips, which is why it errored. Your computer didn't know whether it was a dumb TV or if it was an HDMI capture card ready to rip the movie...

Not that I agree with the practice.


And see how well it works. 2 hours after airing everything is online. The only ones they're giving any hassle are legitimate consumers.


This is a similar charade to airport security: It doesn't actually do anything but satisfy a bunch of suits and create some pointless jobs around it.


These things are designed to hassle legitimate customers only. Pirates are never going to pay anyway. DRM is so they can squeeze more out of paying customers.


It depends. Today there are APIs which allow the actual decryption to be done directly on the GPU, while requesting the GPU to not allow the sharing/capturing of those decrypted images.


It's not that simple. The video files are chopped up into pieces for streaming, so what you would download (assuming wget would handle the stream) are thousands of tiny files. You could reassemble them with ffmpeg, but first you'd need to decrypt them. It's the encryption that these leaked scripts take care of.


Netflix is not just like <video src="something I could put into VLC">... DRM is often said to be "broken by design" but it is an actual thing you have to defeat, not some lie told to scare you away.


No, because the video is protected with the Widevine DRM. You can't just curl a resource, you will not get a usable output.

That said, it can't be all too hard as Netflix exclusives are all over the open seas.


There's a software kit distributed in "the scene" that downloads and decrypts Netflix content


I think there is actually no challenge to rip them because everything streamed seems to be almost immediately available for download in the original bitstream format without any recompression (at least for 1080p content).


https://github.com/widevinedump/NETFLIX-DL-6.0 seems to have just been replaced with https://github.com/widevinedump/NETFLIX-DL-6.1.0

Due to a bad connection the 6.0 clone didn't finish. So, naturally, I tried again and was receiving a login prompt....so I go to the URI in a browser and ... 404. But the 6.1 repo was available...


Can’t you just record the screen or is there something preventing it?


The DRM (tries to) prevent it.

You can also record the HDMI signal, which HDCP is supposed to guard against. But it was cracked even before it was being used/enforced. So now it only serves to create incompatibility issues and bugs for paying users. Even though it has been irrelevant for more than a decade.

I guess the reason for why it still exist is because it prevents/hinders legal products to circumvent it, since that is against the law in many jurisdictions.

Anyway, the downside of both solutions is that you have to re-encode the video, which will never be as good as the original source you get directly from streaming it. Though I'd imagine the difference is quite negligible. More effort though!


> So now it only serves to create incompatibility issues and bugs for paying users. Even though it has been irrelevant for more than a decade.

Hey that's me! Every time I open a website that has DRM to the max like Spotify or Netflix, my second monitor goes black for like 10 seconds. Fun times.


Every now and then, my AppleTV will display a message stating that it can't play my home videos of my cat to my TV because the TV doesn't respect copy protection.

I just restart the AppleTV and everything works again. I don't know what causes it, but it's been going on for at least five years across multiple AppleTVs, two televisions (Samsung and LG), and OS updates. But it persists, just like the AppleTV bug that kills all audio if I turn off the TV without turning off the AppleTV first. Again, the solution is to restart the AppleTV.


> Though I'd imagine the difference is quite negligible. More effort though!

Depending on your settings it's pretty visible. You'd need to reencode at a significantly higher bitrate to minimize quality loss


That's what Widevine prevents: It ensures the decrypted video is only available to proprietary devices and software which agree not to help you rip the video.


At the end of the day you can always record the video buffer in some way or another (hdmi capture device, etc). The problem is that screen recording isn't what you want: it's lossy because you'll re-encode the output of a lossy encoding (at comparable level). You always want an ultra high quality source for encoding (in comparison with your target quality), else you'll amplify artifacts. To not deteriorate the perceptual quality you'll have to do little lossy compression (ie big file size, much bigger than the original encode).


> At the end of the day you can always record the video buffer in some way or another (hdmi capture device, etc).

You actually cannot without an HDCP decryptor, which tends not to be sold in a lot of countries since it's primarily used illegally.

The idea with encrypted video such as Widevine, is that any time it passes over an unapproved device (such as an HDMI cable), it is encrypted on its way to a device authorized to decrypt the signal.

Also, HDMI is a digital format, and you lose nothing in transfer over it.


> You actually cannot without an HDCP decryptor, which tends not to be sold in a lot of countries since it's primarily used illegally.

They are trivially easy to buy online though


And this is why I do not pay any company engaging in DRM.


Screen recording introduces generation loss.

This method grabs the untouched video stream.


Yes, HDCP is supposed to prevent it, though it is easily bypassed.


I remember seeing an article showing that many (not all) of the HDMI splitters on AliExpress just disable the HDCP with no hacking required.


Your own hardware could in theory, watermark the output from the secure element. By ripping the original stream you get superior quality and no watermark. As long as it's not economically viable to serve every user a unique version of the stream of course.


Am I correct that homomorphic encryption will solve the DRM problem, in the sense that it will be mathematically proven (in the cryptographic sense) to be impossible to bypass?

Of course, you'll still be able to cam-record the actual output, or steal the image from the TFT/OLED electronics, but no easy bypass.


You are wrong. An encryption, any encryption, needs a key for decryption process. If the client is given that key then it can decrypt and rip the content. If the client is not given the key then how will they legally watch it since they paid for the content anyway?

As a rule of thumb, anything that was made by humans can be unmade by humans. All you can do is make the pirate life harder, but never impossible.


The issue is that the image will always exist in a decrypted state if you're presenting it to the user. You can push that decoder further and further down the pipeline, but there's always a clean framebuffer to rip, no matter how you frame it. Yes, they could make it harder, but I could also design an Arduino that dumps the serial output of your decoder before it reaches the display controller. It would take some borderline space-age technology to design an IC resistant to that sort of vuln.


So this repo contains keys that are soon to be blacklisted, but for $150 you can subscribe to the leakers API which presumably has other keys and will decrypt one movie at a time for you.


Is it possible to use widevine if you don't run binaries from others and build everything from source yourself yet? This doesn't look to be that as far as I can tell.


Surely some people just use screen recording software for the "Download" illegally part?


This usually doesn't work because of HDCP, and you'd have to reencode the video stream, sacrificing quality. Removing DRMs is a lot cleaner.


Makes sense, and I know a lot of people are like "4K ultra or nada" but I grew up in a world where 480p was watchable and good enough that you would invite friends over and have a freewatch party. So I guess it depends who is watching right?

I tried a couple of screen recording tricks and it appears that Netflix is easily captured on Chrome....


There are also HDMI recorders you can buy online that strip HDCP and encode to a USB stick.


The DRM technologies in place prevent screen recording from working, as far as I know. Or at least prevent it from working at high resolutions.


I found this interesting, so I tried: I recorded a HD movie on Netflix in Firefox, recorded using simplescreenrecorder on KDE5 in Xorg. I remember it was impossible to record shared screen in old (eBay-owned) Skype.


This is why Netflix only serves Firefox low resolution video.


It's not just Firefox though, if you're running Chrome on Windows or Mac, you get the same 720p as Firefox.

The only way to get Netflix in high def (1080p and 4k) from a web browser is to use a browser that is made by the same company as the OS it's running on.

e.g.:

- Microsoft Edge running on Windows 10 or 11 (if running Edge on some other OS, output will cap at 720p)

- Chrome running on Chrome OS (if running Chrome on some other OS, output will cap at 720p)

- Safari running on MacOS

In any scenario not listed above, Netflix serves a max of 720p.

https://help.netflix.com/en/node/23931

https://help.netflix.com/en/node/55764


HD != 4K


I don't think that works with HDCP, usually you get a big green box or something


Dunno who the person linked by that miimoji thing is, but I hope they have a good lawyer


The person who leaked either: used their repo as a basis for their readme, just found some random character and decided to use it, or it's one of the discord people they were talking about.


the videos look interesting but i am on linux and this looks windows only. also, i need some background knowledge to get this working so i could not retry.

a good attempt imo. if i had the time and the necessary technical competency, i would've loved to jump into it. for many years piratebay was my default homepage. now, lookmovie or vumoo gets my occasional streaming fix


I imagine it's windows only because widevine on Linux is crippled for many services, like HBO Max.


well if the utility is merely breaking encryption on the url, it shouldn't matter what the host is? right?


Ah, perhaps. I didn't look to see how it works, if it requires the widevine binaries, certificates that come with it, etc.


It isn't.


Haha, I chuckled when I saw that bandicam logo.


Does anyone know what CDM stands for or refers to? Saw the acronym mentioned in a lot of the repos.


Content decryption module: https://en.wikipedia.org/wiki/Encrypted_Media_Extensions

A component that decrypts streams locally, which DRM makers intend will be restricted enough to not leak the keys it uses.


Thanks for the explanation. So it seems like these repos are just scripts to download content and decode it once you have a CDM then? Seems like the actual CDMs here are ripped from devices and not actually included in this leak from a cursory glance.

Edit: Yep this is what is happening, but there is an L1 CDM in the Lenovo repo. I should read the article before jumping in to the comments/code. :)

