github devine-dl/pywidevine v1.4.2

latest releases: v1.8.0, v1.7.0, v1.6.0...
2 years ago
  • Supported Serve API: v1.4.0 to v1.4.2

Changed

  • Sessions in Cdm.open() are now initialized with a unique session number.
  • Android Cdm Devices now use a Request ID formula similar to OEMCrypto library when generating a Challenge.
    This formula has yet to be fully confirmed and ironed out, but it is closer than the Chrome Cdm formula.
  • Device no longer throws ValueError exceptions on DecodeErrors if it fails to parse the provided Client ID, or
    it's VMP data if any. It will now re-raise DecodeError.

Fixed

  • Parsed Proto Messages now go through an elaborate yet efficient verification, it must parse and serialize back to it's
    received form, byte-for-byte, or it will be rejected.
    • This prevents protobuf from parsing a message that could be a different message depending on the starting bytes.
    • It was possible to bypass some minor checks by providing specially crafted messages that parsed as other messages.
      However, I haven't noticed any way where this would lead to a vulnerability or anything bad. It mostly just lead to
      Serve API crashes or just rejected messages down the chain as they wouldn't have the right data within them.

Don't miss a new pywidevine release

NewReleases is sending notifications on new releases.