The “Fuck Your Subscription” Complete Toolkit
Netflix, Disney+, HBO — and the online course you bought, the members-only video, the file with no download button. Catch the key the video already uses → download it → unlock it → keep the plain MP4 forever. All free, open-source, plus the backdoors for when they nuke the obvious ones.
Any locked or paid video — streaming, courses, training, that one stubborn player. New here or been ripping for years, it’s all folded below. Tap a box, grab what you need. ![]()
🔥 5 times this quietly saves your ass — the whole point in one box
One payoff: any video you can watch becomes a file nobody can take back — a show, a paid course, a members-only clip. Where that hits:
- The course you paid for vanished. Instructor pulled it, platform “updated” it, your access expired — yours still plays because you grabbed it.
- They yanked your show mid-rewatch. Pulled from the platform — you already have it.
- Flight / dead zone / data cap. 40 GB of shows and lectures offline, zero buffering, zero roaming.
- Price hike or cancel? Drop the sub, keep every episode and every module you already went through. No hostage move.
- Real quality, kept for good. WEB-DL (straight from the source, not a screen-record) — clean audio, subs, the good encode — and it never re-mushes itself.
🗺️ The whole move in 4 steps + which tool beats which site (start here)
Every locked video — a Netflix show, a Udemy lecture, a members-only clip — is a lock, a key, and the file. Your device gets handed the key every time you hit play, so nothing gets “cracked”: you just catch the key where it lands and unlock the file yourself. Widevine L3 keeps that key in readable software (easy); L1 / FairPlay seal it in a chip (hard). Plenty of course/paid sites don’t even bother locking — they’re just plain streams with no download button, so step 3 alone grabs them.
The 4 moves
- Catch the key — the WidevineProxy2 browser add-on grabs it while you watch, or dump your phone’s identity once with KeyDive. (Skip this if the video isn’t DRM-locked.)
- Get a device file (
.wvd— a copy of a real device’s ID) if a tool asks — dump your own or grab a public one. - Pull the video — N_m3u8DL-RE (fast) or yt-dlp (10,000+ sites, incl. tons of course + video platforms).
- Strip the lock — mp4decrypt, or let Devine / Unshackle do 3+4 in one shot.
Which tool per site
| Site | Catch the key | Pull it | Heads-up |
|---|---|---|---|
| Netflix | KeyDive | Devine / Unshackle | Add-ons blocked — phone wins |
| Amazon Prime | KeyDive | Devine / N_m3u8DL-RE | Cookies die fast |
| Disney+ | WidevineProxy2 / KeyDive | N_m3u8DL-RE | Grab the link fast, it expires |
| HBO / Max | WidevineProxy2 | yt-dlp / N_m3u8DL-RE | yt-dlp has native support |
| Hulu / Paramount+ / Peacock | WidevineProxy2 / KeyDive | Devine / N_m3u8DL-RE / yt-dlp | Phone method more reliable |
| Apple TV+ | KeyDive | N_m3u8DL-RE / vsd | CBCS scramble — check tool does it |
| Crunchyroll | WidevineProxy2 | yt-dlp | yt-dlp nails it |
| Online courses (Udemy, Coursera, Skillshare, MasterClass, Teachable, Kajabi, Vimeo-OTT) | usually none | yt-dlp / N_m3u8DL-RE | Mostly plain HLS/DASH — grab direct. If Widevine-locked, same 4 moves |
| Any “no download” video (embeds, members areas, weird players) | usually none | The Stream Detector → yt-dlp / N_m3u8DL-RE | Sniff the real stream URL, then pull |
| YouTube / Twitch / social | not needed | yt-dlp | No lock — just download |
Lost? Follow the arrows
Course / paid video / weird player? → The Stream Detector → yt-dlp / N_m3u8DL-RE
YouTube / Twitch / social? → yt-dlp, done
WidevineProxy2 catches keys? yes → N_m3u8DL-RE --key
no ↓
Android phone (or free emulator)? yes → KeyDive + Devine/Unshackle
no → public .wvd, or CDRM-Project (web)
Best combo for you
| You are… | Grab this |
|---|---|
| Total beginner | WidevineProxy2 + N_m3u8DL-RE |
| Got an Android phone | KeyDive + Devine/Unshackle |
| Want one tool | Unshackle |
| Allergic to command lines | VineFeeder or CDRM-Project |
| Paid course / YouTube / public site | yt-dlp alone |
| Video with no download button | The Stream Detector + N_m3u8DL-RE |
| Live stream | N_m3u8DL-RE --live-record-limit |
| Need raw speed | vsd |
| PlayReady site | VT-PR |
🎓 Same trick, your paid courses + any 'no-download' video
The tools don’t care what the video is — a Netflix show, a Udemy lecture, a webinar replay, a random embedded player. If your screen can play it, these can pull it. For most paid sites the whole trick is one flag: --cookies-from-browser hands the tool your logged-in access.
| What you’re grabbing | The move |
|---|---|
| Paid course (Udemy, Coursera, Skillshare, MasterClass, Teachable, Kajabi, Thinkific, Domestika, LinkedIn Learning) | Log in in your browser, then yt-dlp --cookies-from-browser chrome "URL". Or sniff the stream with The Stream Detector → feed it to N_m3u8DL-RE. Widevine-locked? Same 4 moves up top |
| Vimeo / Wistia / private embeds | The Stream Detector grabs the real .m3u8 (playlist); N_m3u8DL-RE pulls it |
| “No download button” / blob player | The Stream Detector shows the hidden stream URL — yt-dlp or N_m3u8DL-RE do the rest |
| Members-only / paywalled clip | --cookies-from-browser carries your paid login; then pull like anything else |
| DRM-locked course (some Udemy Business / Coursera) | Grab the key with WidevineProxy2 or KeyDive, then the normal download + unlock |
Bottom line: streaming was just the loud example. The same key → download → unlock chain owns any locked or paid video you’re allowed to watch.
⚡ The 12-tool starter shelf — the ones you open first
| Job | Tool | Link |
|---|---|---|
| Catch key (browser) | WidevineProxy2 | GitHub |
| Catch key (phone) | KeyDive | GitHub |
| Sniff the stream URL | The Stream Detector | Chrome |
| Grab a device file | Noob Starter Pack | download |
| Download (universal) | yt-dlp | GitHub |
| Download (fast) | N_m3u8DL-RE | GitHub |
| Download + decrypt | Unshackle | GitHub |
| Unlock manually | mp4decrypt (Bento4) | GitHub |
| No install, web unlock | CDRM-Project | GitHub |
| PlayReady site | VT-PR | GitHub |
| Merge / convert | ffmpeg | ffmpeg.org |
| The big link stash | Widevine Mega Text | rentry.co/z9pbs |
═══════
THE GRAB-AND-GO ARSENAL ═══════
🔑 Grab the key — this is the whole damn game
Android key extraction (pull the key + keybox off your phone)
| Name | What it does | Link |
|---|---|---|
| KeyDive | Frida-based (pokes inside running apps) L3 key grabber, all Android versions | GitHub · PyPI · releases |
| KeyDive fork (tophat1720) | Actively kept-alive copy of KeyDive | GitHub |
| KeyDiveResearch | KeyDive fork with extra how-to notes | GitHub |
| wvdumper | Dumps the L3 CDM (the lock-handler) off any Android device | GitHub |
| widevinel3 Android PoC | Grabs keybox + content key, even downloads Netflix (CVE-2021-0639) | GitHub |
| liboemcrypto-disabler | Magisk module (root add-on) that unblocks dumping | docs |
| Kaltura device-info app | Free DRM test app KeyDive uses to wake up the CDM | GitHub |
| Android Studio dump recipe | Step-by-step: dump your own L3 in the phone emulator (no real phone) | videohelp thread |
| widevineleak org | Whole org of leaked dumpers, downloaders, and PlayReady tools | GitHub |
Browser extensions (keys just appear while you watch — no phone needed)
| Name | What it does | Link |
|---|---|---|
| WidevineProxy2 | Grabs keys mid-watch, beats one-time tokens + license wrapping, modern Chrome | GitHub · mirror · mirror2 |
| widevine-l3-guesser | Firefox heir to the old L3 Decryptor extension | GitHub |
| The Stream Detector (Chrome) | Spots the playlist + hands you a ready yt-dlp / ffmpeg command | Chrome Store |
| The Stream Detector (Firefox) | Same, for Firefox | Add-ons |
| CocoCut | Point-and-click casual video grabber | Site |
| tampermonkey-eme-logger | Userscript that logs the browser’s DRM calls (the EME hook) | GitHub |
| l3-keys | Paste the info, get keys back — has a CLI and a GUI | GitHub |
🪪 The device file nobody warns you about (the .wvd)
| Name | What it does | Link |
|---|---|---|
| Noob Starter Pack | Ready-to-use WVD device files, zipped — grab and go | download |
| CDM-Project WVD browse | Search their site for more shared WVD device files | browse |
| WV-System-ID overview | Table: which System ID = which device (spot yours) | Overview.csv |
| wvcrl revocation tracker | Telegram list of killed/banned device files — check before you cry | t.me/s/wvcrl |
🧬 The cores everything's built on (the engine under the hood)
Widevine cores (the Google-lock engine)
| Name | What it does | Link |
|---|---|---|
| pywidevine | The pure-Python Widevine CDM everything forks from | GitHub |
| license_protocol.proto | The message-format file for talking to license servers | .proto |
| pywidevine (mirror) | Backup copy that survives GitHub takedowns | Gitea mirror |
| alfg/widevine (Go) | Widevine in Go (fast language), with the proto + cloud client | GitHub |
| 3052/widevine (Go) | Another Go build of the same idea | GitHub |
| widevine-proto (Rust) | The Widevine message definitions as a Rust package | crates.io |
| widevine-l3-decryptor | Hadad’s original L3 break — DMCA’d but historic | GitHub · mirror |
| L3-decryptor deepwiki | Plain-English tour of how that break talked to license servers | DeepWiki |
| alastairmccormack gist | Early rough reverse of the Widevine request format | gist |
PlayReady cores (Microsoft’s lock — the other big one)
| Name | What it does | Link |
|---|---|---|
| pyplayready | Pure-Python PlayReady CDM, SL2000 to SL3000 | GitHub |
| replayready | PlayReady rewritten in Rust (fast + tidy) | GitHub |
| Vinetrimmer-Playready | Leaked downloader with PlayReady support baked in | GitHub |
| pyplayready (mirror) | Backup copy under the widevineleak org | GitHub |
Devine internals + takedown-proof mirrors
| Name | What it does | Link |
|---|---|---|
| devine (mirror) | The download framework, mirrored off GitHub | Gitea mirror |
| python-proxy | The VPN/proxy layer Devine uses (NordVPN / Hola) | GitHub |
📥 Pull the video (the heavy machines)
The big three everyone starts with
| Name | What it does | Link |
|---|---|---|
| N_m3u8DL-RE | Fastest MPD/M3U8 (playlist) grabber, C# | GitHub |
| yt-dlp | Downloads from 10,000+ sites, the king | GitHub |
| vsd | Rust downloader, DASH + HLS, decrypts too | GitHub · lib.rs |
Segment grabbers and manifest chewers
| Name | What it does | Link |
|---|---|---|
| N_m3u8DL-CLI | The older .NET predecessor of RE | GitHub |
| nilaoda (profile) | Maker of the whole N_m3u8DL family | GitHub |
| BBDown | Bilibili downloader, same parsing lineage | GitHub |
| DDownloader | Python lib, auto-detects stream type, drives N_m3u8DL-RE | PyPI · GitHub |
| iori | Brand new, handles live streams | GitHub |
| VibraVid | Italian downloader with PlayReady (a second lock system) built in | PyPI |
| downkyi | 哔哩下载姬, Bilibili premium DASH ripper (CN) | GitHub |
yt-dlp with the lock-stripping bolted on
🔓 Strip the lock (download AND decrypt in one shot)
Full frameworks, the ones that just work
| Name | What it does | Link |
|---|---|---|
| Devine | The original all-in-one, downloads + decrypts + organizes | GitHub · mirror |
| unshackle | Active Devine fork — DASH/HLS/ISM (3 stream formats), REST API (drive it from other apps), Sonarr/Radarr (auto TV/movie library apps) | GitHub |
| unshackle (dev branch) | Same, with Web UI and interactive services | GitHub |
| Unshackle-Services | Ready-made service scripts (Pluto etc.) | DRMLab |
| l3dl-re | Wires N_m3u8DL-RE to pywidevine automatically | GitHub |
VineTrimmer and its many faces (also handles PlayReady, the second lock)
| Name | What it does | Link |
|---|---|---|
| VT-PR | VineTrimmer + PlayReady support (chu23465’s fork) | GitHub · TR-TDN · git.gay · DRMLab |
| VineTrimmer (xzork11) | Linux-friendly VineTrimmer clone | GitHub |
| VineTrim (starkyuii) | pip-installable VineTrimmer attempt | GitHub |
| vinetrimmer (PyPI) | Old PyPI mirror | PyPI |
Manual unlock, when you already have the encrypted file + keys
| Name | What it does | Link |
|---|---|---|
| mp4decrypt (Bento4) | The OG unlocker, feed it KID:KEY, done | GitHub |
| video_decrypter | Kodi-code based, reliable | GitHub |
The engine parts (power other tools, you rarely touch these)
| Name | What it does | Link |
|---|---|---|
| pywidevine | Pure-Python Widevine handler, the foundation | GitHub |
| rlaphoenix (profile) | The dev behind Devine, pywidevine, pymp4 and more | GitHub |
| pymp4 | Builds and reads MP4 boxes (the file’s guts) | GitHub · PyPI |
| mp4parser | Java reference for ISO MP4 internals | GitHub |
| dash-mpd-rs | Rust DASH manifest parser (vsd runs on it) | GitHub |
🖱️ Hate typing? Click buttons instead
🌐 No setup? Let a site do the unlocking for you
Run your own copy (survives takedowns)
| Name | What it does | Link |
|---|---|---|
| CDRM-Project | Self-hosted app that decrypts Widevine + PlayReady (the two big locks) | GitHub |
| CDRM-Project 2.0 | Newer prettier rewrite of the same tool | GitHub |
| CDRM-Project (Gitea mirror) | Backup copy on a takedown-proof host | CDM-Project |
Just paste and go (hosted)
| Name | What it does | Link |
|---|---|---|
| cdrm-project.com | Live site that decrypts for you (also feeds keys to other tools) | cdrm-project.com |
| GetWVKeys | Hosted key-getter, entry via Discord (a chat app invite) | getwvkeys.cc |
| CDRM ecosystem directory | Big list of related tools (downloader fixes, extensions, players) | CDM-Project repos |
Little bench tools (read the lock, don’t break it)
| Name | What it does | Link |
|---|---|---|
| Axinom PSSH generator | Builds the PSSH (the “which key” data) for testing | tools.axinom.com |
| Axinom PSSH decoder | Reads a PSSH back into plain fields | tools.axinom.com |
| drm.rebus | Tells you which Widevine build (lock version) your browser loaded | drm.rebus.info |
🏭 Know your enemy — the companies selling these locks
The big lock-sellers (DRM-as-a-service)
| Name | What it does | Link |
|---|---|---|
| EZDRM | Original lock-for-hire shop, all three DRMs in one | ezdrm.com |
| EZDRM docs | Their own setup manuals (free schooling) | documentation |
| EZDRM Universal License spec | PDF: exactly how their license hand-off works | |
| Bitmovin × EZDRM guide | Shows the license URL patterns for all three locks | Bitmovin docs |
| Verimatrix | Multi-lock plus piracy-tracking tech | verimatrix.com |
| Irdeto | Multi-lock plus hidden watermarks (TraceMark) | irdeto.com |
| NAGRA | Their Security Services Platform (SSP) | dtv.nagra.com |
| BuyDRM (KeyOS) | Another multi-lock vendor | buydrm.com |
| ExpressPlay | Intertrust’s lock service | expressplay.com |
| PallyCon | Multi-lock plus moving watermarks | pallycon.com |
Axinom (the docs everyone learns from)
| Name | What it does | Link |
|---|---|---|
| Axinom DRM | Their multi-lock service page | axinom.com |
| Axinom DRM docs | Developer manual — clearest wiring of the lock | docs.axinom.com |
| Axinom ExoPlayer guide | How to plug the lock into an Android player | ExoPlayer docs |
The maps that name every vendor
| Name | What it does | Link |
|---|---|---|
| Microsoft PlayReady partners | Official list of shops + test labs (Riscure, IOActive) | playready/partners |
| Unified Streaming DRM matrix | Which vendor works with what, all in one grid | docs.unified-streaming.com |
| Unified Streaming providers | Per-vendor setup recipes (EZDRM, Irdeto, Nagra, Verimatrix…) | drm-providers |
| Dolby Hybrik tutorial | How Dolby packages content with multi-lock | docs.hybrik.com |
| Dolby / THEOplayer connector | Player-side hookup to a dozen lock vendors | optiview.dolby.com |
| Castlabs docs | Deep DASH/HLS/CMAF + lock packaging patterns | cast.readme.io |
📋 Copy-paste commands — swap in your link/keys, hit enter
yt-dlp — the everything downloader
yt-dlp "VIDEO_URL" # basic
yt-dlp -f "bv*+ba/b" "VIDEO_URL" # best video + best audio
yt-dlp --cookies-from-browser chrome "VIDEO_URL" # borrow your login
yt-dlp -F "VIDEO_URL" # list every quality
yt-dlp --allow-unplayable-formats "VIDEO_URL" # grab the locked pieces
N_m3u8DL-RE — the fast stream grabber
N_m3u8DL-RE "MANIFEST_URL" # basic
N_m3u8DL-RE "MANIFEST_URL" --key KID:KEY # with key
N_m3u8DL-RE "MANIFEST_URL" -sv best -sa all -M format=mp4 # best video + all audio → MP4
N_m3u8DL-RE "MANIFEST_URL" --thread-count 16 -mt -H "Cookie: session=xxx" # fast + cookie
N_m3u8DL-RE "LIVE_URL" --live-record-limit 02:00:00 # record 2h of live
N_m3u8DL-RE "MANIFEST_URL" --key KID:KEY --use-shaka-packager # shaka decrypt engine
vsd — the Rust all-in-one
vsd save "MANIFEST_URL" -o video.mp4 # download → MP4
vsd save "MANIFEST_URL" -o video.mp4 --keys KID:KEY # with keys
vsd capture -o video.mp4 # sniff from a browser
mp4decrypt — the manual unlocker
mp4decrypt --key KID:KEY input.mp4 output.mp4 # one key
mp4decrypt --key KID1:KEY1 --key KID2:KEY2 input.mp4 output.mp4 # video + audio differ
KeyDive / Devine / ffmpeg
keydive -kw -a player # dump your phone's identity
pip install devine && devine wvd add ./device.wvd && devine dl NF "TITLE_URL"
ffmpeg -i video.mp4 -i audio.m4a -c copy output.mp4 # merge
ffmpeg -i video.mp4 -i audio.m4a -i subs.srt -c copy output.mkv # + subs → MKV
Replaying a license call by hand? Paste the browser’s copied cURL (the raw web request) into curlconverter.com/python → clean Python with the right headers.
🔧 When it breaks — the 5 real fixes + the reset checklist
| Error | What it means | Fix |
|---|---|---|
| 403 Forbidden | Site blocking you (usually Cloudflare) | yt-dlp --update-to nightly then --cookies-from-browser chrome; or solve the CAPTCHA in-browser, then run immediately |
| No CDM Found | Can’t find your device file (.wvd) — #1 beginner wall |
Put the .wvd where the tool looks (~/.devine/WVDs/); ls -la ~/.devine/WVDs/; re-dump if corrupt |
| Decryption Failed | Wrong key, or video + audio need different keys | mp4info encrypted.mp4 | grep -i kid to see which key it wants; format is exactly KID:KEY |
| License Request Failed | Site rejected it — often your device file got revoked (blacklisted) | Swap .wvd, refresh cookies; check if yours is burned: revocation tracker + WV System-ID list |
| Manifest Not Found | URL wrong or expired (they die in minutes) | Add -H "Cookie: ..." -H "User-Agent: ..."; grab the link and download right away |
The “everything’s fucked” reset: update the tool (yt-dlp -U / pip install --upgrade), export fresh cookies, confirm ffmpeg -version works, try the nightly build, then actually read the error — it usually names the problem.
═══════
THE DEEP WELL — understand it · break it · build it ═══════
📖 The rulebook nobody at Netflix wants you reading
The web-player brains (how your browser talks to the lock)
| Name | What it does | Link |
|---|---|---|
| EME (the browser’s lock plug-in) | The rule that lets any browser load a DRM (copy-lock) handler | W3C EME |
| EME Level 2 | Newer draft, more of the same wiring | W3C EME L2 |
| MSE (feeds video chunks in) | Sibling rule that pipes stream pieces to the player | W3C MSE v2 · v1 |
| MDN EME page | Same rules in plain English | MDN EME |
The scramble + wrapper standards (how the file gets locked and boxed)
| Name | What it does | Link |
|---|---|---|
| CENC (one scramble, all locks) | The common scramble Widevine, PlayReady and FairPlay share | ISO 23001-7 |
| MPEG-DASH (the playlist rulebook) | Spec for the manifest (playlist file) that lists every chunk | ISO 23009-1 |
| HLS RFC 8216 (Apple’s playlist) | Apple’s stream format that FairPlay rides on | RFC 8216 |
| HLS bis (the newer HLS) | The evolving, updated HLS spec | RFC 8216bis |
| CMAF (one file, both playlists) | Single packaging both DASH and HLS can serve | ISO 23000-19 |
| MP4 spec (the box format) | The base file format everything is packed into | ISO 14496-12 |
| HDCP 2.3 (the cable-cop) | Locks the last HDMI hop after decryption | HDCP 2.3 PDF |
🏢 Straight from the people who built the locks
The three big locks, from the horse’s mouth
| Name | What it does | Link |
|---|---|---|
| Widevine landing (Google’s lock) | Google’s sales page for its DRM (Netflix/Disney use it) | Widevine |
| Widevine dev docs | The public builder docs for Widevine | Google devs |
| PlayReady docs (Microsoft’s lock) | Microsoft’s DRM, the SL2000/SL3000 security tiers | MS Learn |
| FairPlay landing (Apple’s lock) | Apple’s DRM front page | Apple FPS |
| FPS programming guide | Apple’s official how-to-build-it manual (PDF) | FPS guide PDF |
| FPS overview | The short version of how FairPlay flows | FPS overview PDF |
The platform plumbing (where the lock actually lives on your device)
| Name | What it does | Link |
|---|---|---|
| Chrome EME blog | Google engineers explaining how Chrome wires up EME | Chrome blog |
| AOSP MediaDRM | Android’s built-in DRM handler, laid out | Android DRM |
| Android security | The TEE (secure chip area) that guards the keys | Android security |
| AWS SPEKE (the key hand-off) | Amazon’s spec for passing keys to a packager | SPEKE |
| AWS FairPlay HLS | Amazon’s pipeline for serving FairPlay streams | Elemental |
🔬 How the locks actually got cracked (the papers)
| Name | What it does | Link |
|---|---|---|
| Exploring Widevine for Fun and Profit | The definitive public teardown of Widevine (spawned a CVE) | arXiv PDF |
| Your DRM Can Watch You Too | Shows the lock also fingerprints (tracks) you | arXiv |
| Looney Tunes | Proves Indian music apps barely locked anything | arXiv PDF |
| Qualcomm TA emulation fuzzing | Reversing Qualcomm’s secure-chip Widevine code | arXiv PDF |
| liOS (iOS app lifting) | Pulling apart iOS apps, incl. the FairPlay decrypt path | arXiv PDF |
| CVE-2021-0639 | The official bug the Rennes paper produced | MITRE CVE |
| IRISA / SPICY team | The French lab that keeps breaking this stuff | IRISA |
| ACM CCS proceedings | Where the heavy DRM-breaking papers get published | ACM |
🏗️ The reference builds (peek at how the pros wire it)
Netflix’s own secure-messaging kit
| Name | What it does | Link |
|---|---|---|
| Netflix MSL | Netflix’s secure client↔server messaging (how their app talks safe) | GitHub |
| MSL wiki | Plain docs for the MSL framework | Wiki |
| MSL Javadoc | Full code reference, every function listed | Javadoc |
| MSL techblog | Netflix engineers explain why they built it | TechBlog |
Google’s packager + player (the reference lock and key)
| Name | What it does | Link |
|---|---|---|
| shaka-packager | Google’s tool that packs + locks DASH/HLS video; has a built-in decryptor flag | GitHub |
| shaka-packager docs | Every knob explained (cenc, cbcs, subsample) | Docs |
| shaka-player | Google’s web player; textbook of how a real player asks for keys | GitHub |
| eme_logger | Google’s Chrome add-on that logs every key request (EME = the browser’s lock API) | GitHub |
| eme_logger install | One-click install from the store | Web Store |
| eme_conformancetest | Google’s test suite that defines what the browser lock should do | GitHub |
🛠️ The media workbench (chop, unlock, remux, verify)
Bento4 — the Swiss army knife for MP4
| Name | What it does | Link |
|---|---|---|
| Bento4 | C++ toolkit: mp4info, mp4dump, mp4encrypt, mp4decrypt, mp4fragment | GitHub |
| Bento4 site | Homepage + ready-to-run downloads | bento4.com |
| mp4decrypt docs | The unlock tool’s own manual | Docs |
| Bento4 DeepWiki | Guided tour of Bento4’s lock/unlock internals | DeepWiki |
GPAC / MP4Box — the other heavyweight
| Name | What it does | Link |
|---|---|---|
| GPAC | Media framework; home of MP4Box (Netflix uses it internally) | GitHub |
| GPAC site | Homepage + downloads | gpac.io |
| MP4Box reference | Every MP4Box command spelled out | Wiki |
| GPAC DASH how-tos | Step-by-step packing recipes | Howtos |
DASH parsers + the everyday tools
| Name | What it does | Link |
|---|---|---|
| dash-mpd-rs | Rust reader for the DASH playlist file (clean + modern) | GitHub |
| dash-mpd-cli | A ready command-line tool built on that reader | GitHub |
| libdash | Bitmovin’s C++ reference reader for DASH | GitHub |
| ffmpeg | The all-purpose video swiss-knife; unlocks ClearKey natively | ffmpeg.org |
| MKVToolNix | Joins video, audio, subtitles into one MKV file | mkvtoolnix.download |
| CCExtractor | Pulls burned-in captions out to a subtitle file | ccextractor.org |
| SubtitleEdit | Converts + fixes subtitles (TTML → SRT) | GitHub |
| MediaInfo | Shows every detail of a file to confirm the unlock worked | mediaarea.net |
🎬 The open players (read how a real player asks for the key)
Web + media-center players
| Name | What it does | Link |
|---|---|---|
| hls.js | The go-to open HLS web player; shows how license servers get wired | GitHub |
| dash.js | The official reference DASH web player | GitHub |
| dash.js sample | The player running live, ready to poke | Sample |
| inputstream.adaptive | Kodi’s add-on doing DASH/HLS + Widevine in the open | GitHub |
| InputStream Adaptive wiki | The official how-to for that add-on | Wiki |
| InputStreamHelper | Installs the Widevine lock-handler for Kodi automatically | GitHub |
| VLC | The everything-player; handles some CENC-locked files | GitHub |
| mpv | Clean modern player with a tidy media pipeline | GitHub |
ExoPlayer / Media3 — the Android side
| Name | What it does | Link |
|---|---|---|
| ExoPlayer | Google’s Android player, now folded into Media3 | GitHub |
| AndroidX Media3 | The new home for ExoPlayer | GitHub |
| ExoPlayer DRM guide | Official doc on wiring up the Android lock API | Guide |
| Legacy ExoPlayer DRM | The older DRM doc | exoplayer.dev |
| ExoPlayerDrm sample | Tiny working Widevine DASH demo with a test license URL | GitHub |
| Taku Semba walkthrough | “Play your own DRM content on ExoPlayer” | Medium |
| Burak Oguz walkthrough | Widevine + ExoPlayer with custom login tokens | Medium |
| Kiprosh walkthrough | Widevine + Azure Media + ExoPlayer, back-to-front | Blog |
🎯 Free practice targets (break these first, nobody's mad)
Ready-made DRM playgrounds
| Name | What it does | Link |
|---|---|---|
| Bitmovin DRM demos | Public locked test streams — the DRM hello-world | Demos |
| Bitmovin sample streams | Big directory of DASH/HLS + locked test clips | Blog |
| Unified Tears of Steel | Classic open test movie in every flavor | Demo |
| cwip-shaka-proxy | Google’s no-login Widevine license server to practice against | no_auth |
Reference vectors + validators
| Name | What it does | Link |
|---|---|---|
| reference.dashif | DASH-IF’s live test streams + checker | reference.dashif.org |
| testassets.dashif | DASH-IF’s searchable test-asset database | testassets.dashif.org |
| DASH-IF tool + sample directory | Grab-bag of conformance tools and sample MPDs | dashif.org/tools/sample |
| Axinom test vectors | Multi-lock test clips (PlayReady + Widevine + FairPlay, keyed + clear) | GitHub |
| petegriffin vectors | Mirror of Axinom’s with per-scenario notes | GitHub |
| DASH-IF-Conformance | Software that checks a stream against the spec | GitHub |
| Hosted conformance | Same checker, running in your browser | dashif.org |
| DRM data generator | Makes test keys/tokens for the live-stream simulator | GitHub |
| infinite-streaming | Docker live-ish server for testing failures on purpose | GitHub |
| media.axprod vectors | Axinom’s test-clip CDN (every ExoPlayer sample points here) | CDN |
🐉 The foreign scene (a 12-month head start)
WKS-KEYS family (the key-puller everyone forks)
| Name | What it does | Link |
|---|---|---|
| CrymanChen WKS-KEYS | Modded key-puller, bilingual guide | GitHub |
| zlxyc WKS-KEYS | Kept-alive copy of the same tool | GitHub |
| SASUKE-DUCK WKS-KEY | Ready-to-run V2 builds (downloads) | GitHub |
| medvm widevine_keys | Alt script for pulling content keys | GitHub |
Ready-made service rippers (point at one app, grab the video)
| Name | What it does | Link |
|---|---|---|
| weapon121 Disney+ downloader | Saves Disney+ video (CN scene) | GitHub |
| Divxeas NFripper | Netflix video ripper family | GitHub |
| widevineleak Hulu Downloader 2022 | Leaked Hulu DRM saver | GitHub |
| EnthusiastAnon HBO/Paramount 4k | HBO Max + Paramount+ + BlimTV in 4k | GitHub |
| lossui011 Hisense SL3000 | Leaked TV chip keys (top-tier lock) | GitHub |
🧰 The reverser's bench (build your own dumper)
Poke inside a running app
| Name | What it does | Link |
|---|---|---|
| Frida | Pokes inside running apps, live | Site |
| frida repo | The tool’s source code | GitHub |
| frida-tools | Python + command-line front-end | GitHub |
| Frida Android setup | Get it running on your phone | Docs |
Take apart a binary (read the code with no source)
| Name | What it does | Link |
|---|---|---|
| Ghidra | NSA’s free code-taker-aparter | Site |
| Ghidra source | Its own source code | GitHub |
| IDA Pro | Paid industry-standard version | Hex-Rays |
| radare2 | Free open-source alternative | Site |
| Qiling | Runs app code off-device to study it | GitHub |
Android side (root + emulator + wiring)
🗺️ How to keep finding new tools forever
| Name | What it does | Link |
|---|---|---|
| awesome-video | The biggest video-tool link dump | GitHub |
| topic: widevine | Live feed, sort by newest | GitHub |
| topic: widevine-l3-decryptor | The L3 key-crack family | GitHub |
| topic: widevine-drm | Widevine-tagged repos | GitHub |
| topic: mpeg-dash | DASH (streaming playlist) tools | GitHub |
| topic: hls | HLS (Apple’s streaming) tools | GitHub |
| topic: cmaf | CMAF (shared file format) tools | GitHub |
| topic: common-encryption | CENC (the standard lock) tools | GitHub |
| topic: m3u8-downloader | Every playlist-grabber repo | GitHub |
🏛️ Who writes the rulebook (read it to break it)
| Name | What it does | Link |
|---|---|---|
| DASH-IF | Runs the DASH streaming standard | Site |
| DASH-IF (GitHub org) | Conformance tools, reference players, sample streams | GitHub |
| DASH-IF conformance list | Their test-tool mailing list | Google Groups |
| SVTA | Streaming Video Technology Alliance | Site |
| CTA | Consumer Technology Association | Site |
| SMPTE | Film/TV engineering standards group | Site |
| Digital Content Protection LLC | Owns HDCP (the HDMI-cable lock) | Site |
| Media Standards Forum | Cross-industry media standards hub | Site |
🥷 When GitHub nukes it (the backdoors)
Mirror hosts (the same repos, different roof)
| Name | What it does | Link |
|---|---|---|
| CDM-Project | Main fallback for pywidevine/devine/CDRM | Site |
| git.gay | Community-run code host | Site |
| DRMLab | DRM-scene code host | Site |
| BitMaster’s Gitea | Another mirror roof | Site |
| VideoHelp files | User-uploaded tools, keys, guides | Site |
Digging up the dead
🗞️ The trail — the story of every crack, told by the people who did it
The Widevine breaks, blow by blow
| Name | What it does (3-8 words) | Link |
|---|---|---|
| Neodyme — Diving into Widevine L3 | Deep-dive: Qiling (runs code off-device) + keybox (device secret file) dumping + whitebox (hidden-in-code crypto) breaking | neodyme.io |
| SecurityBoulevard — Mending the crack | Covers Tomer Hadad’s L3 Decryptor (the first public Widevine break) | securityboulevard.com |
| elegal.ph — Researcher cracks Widevine | Early coverage of the DFA (fault-injection) attack | elegal.ph |
| threatshub — L3-only crack | Same story, longer form, plain wording | threatshub.org |
| forasoft — Widevine L1/L2/L3 | Your device’s chip picks the level, not the site | forasoft.com |
| mattmenchan — Widevine notes | Condensed practitioner cheat-sheet on Widevine | mattmenchan.com |
FairPlay (Apple’s lock), for the curious
| Name | What it does (3-8 words) | Link |
|---|---|---|
| ottverse — FairPlay how it works | CBC vs SAMPLE-AES (two ways Apple scrambles video) explained | ottverse.com |
| shaikhhanzala — Ultimate FairPlay guide | Hands-on setup with a shaka-packager (Google’s stream-packing tool) example | medium.com |
| nicolo.dev — Reversing fairplayd | Cracking open Apple’s fairplayd (the FairPlay background helper) in Ghidra/IDA (code-inspecting tools) |
nicolo.dev |
The plain-English primers (start here if it’s all Greek)
| Name | What it does (3-8 words) | Link |
|---|---|---|
| Bitmovin — DRM everything to know | Vendor map + who-uses-what overview | bitmovin.com |
| howvideo.works | Friendly primer on encoding, HLS, DASH, DRM | howvideo.works |
| Bunny.net — Streaming academy | Clean, no-jargon explainers on streaming | bunny.net |
| Bitmovin blog | Engineering blog: CMAF, CENC, HDR, DRM coverage | bitmovin.com |
| ottverse | OTT (over-the-top streaming) engineering blog | ottverse.com |
| Streaming Media | The industry’s magazine | streamingmedia.com |
| Wikipedia — Widevine | History + a timeline of every break | en.wikipedia.org |
| Wikipedia — FairPlay | History + Jon Lech Johansen’s early bypass | en.wikipedia.org |
💬 Where the scene actually lives — the forums that stay current (bookmark these two first)
The two you bookmark first
| Name | What it does (3-8 words) | Link |
|---|---|---|
| VideoHelp — Streaming Downloading forum | The beating heart of the whole scene | forum.videohelp.com |
| Widevine Mega Text (rentry z9pbs) | Biggest link dump alive — NFripper, Disney+, Hulu, HBO Max, Apple TV+, Paramount+, revocation tracker | rentry.co |
The tool master-threads (where the makers post + answer)
| Name | What it does (3-8 words) | Link |
|---|---|---|
| Devine thread | Master thread for the Devine archival tool | forum.videohelp.com |
| Unshackle thread | Active Devine fork, 26+ pages of help | forum.videohelp.com |
| Freevine (archived) | ABC iView / My5 / All4 free-service downloader | forum.videohelp.com |
| Vinetrimmer-Linux | Linux setup + finding the right fork | forum.videohelp.com |
| WidevineProxy2 release | Bypasses HMAC (a signature check), one-time tokens, license wrapping | forum.videohelp.com |
Getting keys + devices (the how-to threads)
| Name | What it does (3-8 words) | Link |
|---|---|---|
| Real-Device-L3-Cdms | Real-device L3/SL3000 CDM (lock-handler) notes + revocation | forum.videohelp.com |
| Downloading DRM with a known key | yt-dlp -encryption_key limits, spelled out |
forum.videohelp.com |
| PlayReady-Key | pyplayready recipes (SL3000 flows on Megogo etc.) | forum.videohelp.com |
| PRD-Devices | Sharing .prd device files + pyplayready debugging |
forum.videohelp.com |
| Beyond-WKS-KEYS | Moving from WKS-KEYS to pywidevine (.wvd device-file flow) |
forum.videohelp.com |
| WKS-KEYS-Guide | Original WKS-KEYS how-to (with Russian OKKO headers) | forum.videohelp.com |
| Decryption: The Last Crusade | Master decryption thread + shaka-packager syntax | forum.videohelp.com |
| Get-Widevine-Keys-Online | EME-Logger → base64 → hex → PSSH (key-locator data) pipeline | forum.videohelp.com |
| Kodi — Amlogic InputStream | DRM fixes for Amlogic/Minix boxes in Kodi | forum.kodi.tv |
🧩 The whole search vocabulary — paste any term to dig forever
Every fork and paper hides behind unfamiliar words. You don’t need to know these — drop any into a search to go deeper.
Widevine internals — libwvhidl.so · liboemcrypto · Widevine System ID · Keybox · Provisioning Server · WidevineCencHeader · SignedMessage / LicenseRequest / License (the protobuf messages — the message format) · ProtocolVersion 2.0/2.1/2.2 · ClientIdentification · license.widevine.com · CDM Version 16/17/19 · ASYMMETRIC_WRAPPED · OEMCrypto API · TEE (the sealed chip zone) · Qualcomm Trusted Application
PlayReady internals — WRMHEADER · WRM Header v4.0–4.3 · SL150 / SL2000 / SL3000 (robustness grades) · BCert / Group Certificate · .prd device file · com.microsoft.playready.recommendation · LA_URL / LUI_URL · rightsmanager.asmx · Riscure / IOActive (the SL3000 test labs)
FairPlay internals — SPC (Server Playback Context) · CKC (Content Key Context) · Application Certificate · ASK (Application Secret Key) · skd:// URI · fairplayd daemon · AVAssetResourceLoaderDelegate · Secure Enclave
Attacks + crypto — Differential Fault Analysis (DFA) · Whitebox AES / RSA · Arxan Whitebox · Service Certificate · Privacy Mode · OAEP · HMAC License Wrapping · One-Time License Tokens · Revocation List (CRL) · SRM · CVE-2021-0639
Manifests + packaging — SegmentTemplate / SegmentList / SegmentBase · Timeline vs Number templating · Init Segment (moov) / Media Segment (moof + mdat) · default_KID · tenc box · pssh box · sinf / schi / schm · ContentProtection element · MSPR:pro · Clear lead · cbcs 1:9 / 5:5 / 10:0 · CPIX · Key Rotation / Crypto Period
Downloader / ecosystem — WVD / PRD device file · Local/Remote/HTTP Vault · Key Vault · Group Tag · Cookie Profile · Widevine Descriptor · Devine/Unshackle Service · ChromeCDM vs Android CDM · Residential vs Datacenter Proxy · Geofence bypass · --allow-unplayable-formats · --decryption-engine=MP4DECRYPT · --enable_raw_key_decryption
Player / client — MediaDRM (Android) · DefaultDrmSessionManager · HttpMediaDrmCallback · MediaItem.DrmConfiguration · MediaKeySystemAccess / MediaKeys / MediaKeySession (the EME objects) · generateRequest · InputStream.Adaptive (Kodi) · Shaka Player DRM config · hls.js EME hooks
What practitioners type — sniff manifests · replay license call · extract PSSH · dump keybox · provision device · migrate WVD v1 → v2 · downgrade WRM Header · batch decrypt CENC-CTR / CENC-CBCS · remux to MKV via mkvmerge · convert TTML → SRT · curl-to-Python round-trip
❓ Straight answers to the questions everyone asks
| Question | Answer |
|---|---|
| What works? | Way more than streaming — Netflix/Amazon/Disney+/HBO/Hulu, plus paid courses, webinars, members-only clips, and any video with no download button. |
| Does it grab paid courses? | Yes. Most course sites are plain streams — yt-dlp --cookies-from-browser or The Stream Detector + N_m3u8DL-RE. DRM-locked ones use the same key flow. |
| Need an Android phone? | No. Browser add-ons + public/emulator device files work fine. A phone just gives the cleanest, never-revoked identity. |
| Widevine or PlayReady? | Try your Widevine tools first; if they bounce off, it’s PlayReady — grab VT-PR. |
| Is it hard? | First time takes patience. After that: copy, paste, click. |
| Help when a site changes? | The VideoHelp Streaming forum + the Widevine Mega Text — both above, both updated constantly. |
| Is it legal? | Personal backups of what you pay for: gray area. Sharing rips: piracy. You’re an adult — your call. |
That’s the whole kit — free tools to turn any locked or paid video you can watch into a file you own. Streaming, courses, the lot. Rip it all, keep it all.
No giving up, no crawling back with clean sword and playing dead for nothing. There’s one & only rule: ![]()


!