They find devices that are easy to hack (and I mean rip and tear) and extract the decryption keys from each of them, from what I have heard cheap chinese tvs and set top boxes, they extract the keys from the chips (hardware hacking, heard some even use microscopes to read the keys by hand), and then use them to decrypt streams, I heard that they catch them pretty fast to they use like 1 device per season. This is why they use mostly stollen devices.

▲

jcalvinowens 17 hours ago | parent | next [-]

The really shitty thing is that vulnerable devices get blacklisted en masse, so all legitimate users get stuck with 480p video content on streaming services. The Nexus 5 got this treatment, as I understand it, because it was too easy to extract the keys.

▲

zelphirkalt 9 hours ago | parent | next [-]

Not a Netflix user here: Are you saying that paying customers get cut off from higher video quality, that they are possibly paying for, and pressured into buying new devices? That shit should be illegal!

	▲	jcalvinowens 9 hours ago \| parent [-]
		Yes, that's exactly what happens!

▲

charcircuit 13 hours ago | parent | prev [-]

It provides a good incentive for manufacturers to invest into security for their devices.

▲

jcalvinowens 13 hours ago | parent [-]

No, it provides no incentive at all!

It's the users who suffer when this happens, not the manufacturers. The manufacturers couldn't care less, the money is already in the bank.

If the manufacturers were required to replace all the revoked devices at their cost, that would be a real incentive.

	▲	charcircuit 7 hours ago \| parent [-]
		Manufactures suffer reputational damage from it. Also keys could be revoked before they finish selling through all of their stock of produced phones.

▲

13hunteo 17 hours ago | parent | prev | next [-]

Interesting - do you have any sources to read further?

	▲	47282847 17 hours ago \| parent \| next [-]
		Search for widevine decrypt. You’ll find code and forums where at least some L3 (software) keys are publicly shared. For high resolution on some platforms, you need L1 keys, but as far as I understand the decryption process basically stays the same once you have a working key. Random article: https://www.ismailzai.com/blog/picking-the-widevine-locks Claimed to be L1 key leaks (probably all blacklisted by now): https://github.com/Mavrick102/WIDEVINE-CDM-L1-Giveaway
	▲	sodality2 14 hours ago \| parent \| prev [-]
		You won't find a ton of up-to-date info that would let you do the same - the scene groups hold their methods closely specifically because of this cat-and-mouse game.

▲

gpderetta 17 hours ago | parent | prev | next [-]

The analog hole is real.

	▲	allan_s 6 hours ago \| parent [-]
		I was wondering how easy it is I.e I know that hdmi stream can be encrypted so I guess for Netflix you can't juste have a "hdmi splitter"? Do you need to go as far as plugging yourself just before the lcd pixels ? And if so , is it the moment where its easier to have a high def camera pointed at your lcd screen with post processing?

▲

alerighi 15 hours ago | parent | prev [-]

More easily in the past (I don't think if it's still true for 4K) you only needed an HDMI splitter to bypass HDCP copy protection.

	▲	jasomill 6 hours ago \| parent [-]
		Now you need both a buggy HDCP 1.4 splitter and an HDCP 2.1 to 1.4 converter.