๐ Analysis of Vulnerabilities and Proof of Concept on Streaming Platforms Bachelor's Degree Thesis - University of Catania (UNICT)
๐ Project Overview
This thesis project analyzes the content protection mechanisms (DRM, Tokenization, Obfuscation) adopted by major streaming platforms such as Spotify, YouTube, and Twitch. Through the development of various Proof of Concept (PoC) tools in Python and JavaScript, the research explores vulnerabilities that allow for the access and download of original media content despite the implemented security layers. ๐ฏ Objectives
Analysis of the Widevine DRM ecosystem and extraction of decryption keys.
Bypassing YouTube's "n-parameter" JavaScript obfuscation used for bandwidth throttling.
Reconstruction of segmented media streams from m3u8 playlists and seektable metadata.
Automation of media acquisition for cybersecurity research purposes.
๐ ๏ธ Main Modules
๐ต Spotify Downloader & Widevine PoC
The core of the DRM research focuses on Spotify's implementation:
Authentication: Handles session management using TOTP generation and cookie persistence.
Key Exchange: Retrieves the PSSH (Protection System Specific Header) from seektable files to initiate the license challenge.
Decryption: Interfaces with a CDM (Content Decryption Module) to parse Widevine licenses and extract the content keys.
Reconstruction: Downloads encrypted audio chunks and uses mp4decrypt to produce the final decrypted .mp4 file.
๐บ YouTube "n-parameter" Bypass
An analysis of YouTube's client-side throttling mechanism:
The Challenge: YouTube uses an obfuscated JavaScript function to calculate an n parameter, which is required to prevent download speed capping.
The Solution: The PoC extracts the obfuscated code from the player_ias.vflset base script and executes it using a Node.js environment to resolve the parameter in real-time, enabling high-speed data fetching.
๐ฎ Twitch Stream Reconstructor m3u8 URL playlist forging: It forges m3u8 playlist URL starting from the metadata that Twitch itself gives us, working even for sub-only VoD
HLS Management: Processes dynamic m3u8 playlists to identify all available media segments (.ts chunks).
Concurrency: Implements an asynchronous parallel downloader using asyncio and aiohttp to minimize acquisition time.
Final Processing: Automates the merging of segments using ffmpeg to ensure a seamless video output.
๐ธ Demo & Screenshots Description Visual DRM Key Extraction System Workflow YouTube JS Analysis ๐ Technologies Used
Languages: Python 3.x, JavaScript (Node.js).
Python Libraries: requests, pywidevine, aiohttp, BeautifulSoup4, re.
External Tools: ffmpeg, mp4decrypt (Bento4).
Protocols: Widevine DRM, HLS (m3u8), DASH, Base62 encoding.
๐ Repository Structure
Downloader/ โโโ DRM Proof Of Concept/ โ โโโ drmDemo.py # Generic CDM interaction demo โโโ Spotify/ โ โโโ spotify_downloader.py # Full download & decryption logic โ โโโ note.txt # Analysis of Spotify's internal API โ โโโ device.wvd # Widevine Device file (CDM) โโโ Youtube/ โ โโโ Youtube_downloader.py # n-param bypass and video fetching โ โโโ n_parameter_scripts/ # JS scripts for obfuscation solving โโโ Twitch/ โโโ TwitchDownloader.py # M3U8 handling and parallel download
This project was developed strictly for educational and research purposes as part of a university thesis. The author does not encourage or support the use of these tools to violate the terms of service of the mentioned platforms or for any activities related to digital piracy.