The news was released recently that Google has asked GitHub to block 135 repositories on the platform, which are related by including code to define keys to decrypt Widevine protected content CDM (Content Decryption Module) blocked under the US Digital Millennium Copyright Act (DMCA).
This fact surprises many as Google used to be a non-aggression tactic. on intellectual property matters, but in 2018, the slogan "Don't be evil" was removed from its Code of Conduct.
The lock was initiated against repositories that contained the RSA private key which was extracted from Widevine's CDM as a result of a gap in the protection mechanisms implemented in this module.
Most of the repositories are forks of the Chrome plugin widevine-l3-decryptor, which allows you to access streamed content through a DRM-protected communication channel.
This plugin was written to demonstrate how Widevine's DRM protection mechanism can be bypassed by intercepting the Encrypted Media Extensions (EME) API calls and retrieving all content encryption keys that are passed.
The repository notes that the code is a demonstration of the attack method and it is distributed for educational purposes only (the plugin does not decrypt the content, it only determines the key, but the obtained key can be used for decryption using the ffmpeg utility, specifying the key obtained at startup in the "-decryption_key").
Google creates and distributes Widevine's Content Decryption Module (CDM), which is licensed for use in many browsers, including Google Chrome, Microsoft Edge, Mozilla Firefox, and Opera. Widevine's CDM is used in conjunction with Widevine's license server to distribute DRM video and audio content over the Internet and is used by content providers including Disney +, Netflix, Amazon Prime Video, YouTube, Hulu, and others, to prevent piracy. of content protected by copyright.
Google LLC owns the copyright to the Widevine CDM and licenses it to others to use it without modification or redistribution under the terms of the Widevine Master License Agreement.
Among the infractions, the presence of files was also mentioned in the repository that violate Google's copyright.
In particular, the license_protcol.proto file and the Widevine Modular DRM Security Integration Guide and Widevine DRM Architecture Overview documents. Notably, license_protcol.proto is a header file for libprotobuf with a description of the Widevine protocol structure, that is, Google argues close to the reasoning Oracle attacks Android.
For those who do not know about technology widevine, they should know that this is developed by Google and it is mainly used on Chrome and different systems (usually Linux) to be able to display content protected by copyright on Netflix, Disney, Amazon Video, BBC, HBO, Facebook, Hulu, Spotify and many other services.
A CDM module is supplied of the same name to decode content, which is used in Chrome, Edge, Firefox and Opera, as well as in products from Samsung, Intel, Sony and LG.
Last year, the weakest level of security, Widevine L3, was cracked, fully implemented in software, and is generally used to distribute content below 1080p.
It turned out that the implementation of the Whitebox AES-128 encryption algorithm is susceptible to a Differential Failure Analysis (DFA) attack, allowing access to the encryption key.
Finally, if you are interested in knowing more about it about the request made by Google to GitHub, you can check the details In the following link.