-
Notifications
You must be signed in to change notification settings - Fork 69
How EME Widevine works
This diagram has been simplified to make it easier for the noobs to understand and contains a few errors and misrepresentations.
At step 3 of the diagram, CDM sends a challenge containing its own public key to the license server.
The license server returns a key encrypted with its public key as a license.
Therefore, CDM can generate keys with private keys that are obfuscated and hard-coded into itself.
In many cases, when sending and receiving the challenge and license in steps 3~4, the license server uses raw binary data for both its request/response.
However, some license servers often require and return the challenge/license in encoded form.
CommonWV response that uses RAW format
DRMToday response that uses JSON+base64 encoded format
Scheme files are used to define the format of these license server challenges/licenses.
See How to add custom license scheme yourself for more information.
The challenge generated in step 3 includes a unique identifier and hardware information.
This can be confirmed by actually checking the challenge generated by Pywidevine.
EME sends a challenge based on these information to the server, that allowing Big Brother to revoke a particular CDM or refuse to return a license based on hardware information.