7 from StringIO import StringIO
14 from Crypto.PublicKey import RSA
15 from Crypto.Cipher import PKCS1_OAEP
16 from Crypto.Cipher import AES
17 from Crypto.Random import get_random_bytes
18 # from Crypto.Hash import HMAC, SHA256
19 from Crypto.Util import Padding
20 import xml.etree.ElementTree as ET
21 from common import log
22 from common import ADDONUSERDATA
24 pp = pprint.PrettyPrinter(indent=4)
26 def base64key_decode(payload):
33 raise ValueError('Invalid base64 string')
34 return base64.urlsafe_b64decode(payload.encode('utf-8'))
38 handshake_performed = False # Is a handshake already performed and the keys loaded
40 last_playback_context = ''
41 #esn = "NFCDCH-LX-CQE0NU6PA5714R25VPLXVU2A193T36"
42 esn = "WWW-BROWSE-D7GW1G4NPXGR1F0X1H3EQGY3V1F5WE"
43 current_message_id = 0
44 session = requests.session()
45 rndm = random.SystemRandom()
48 'manifest': 'http://www.netflix.com/api/msl/NFCDCH-LX/cadmium/manifest',
49 'license': 'http://www.netflix.com/api/msl/NFCDCH-LX/cadmium/license'
52 def __init__(self, email, password):
54 The Constructor checks for already existing crypto Keys.
55 If they exist it will load the existing keys
58 self.password = password
60 os.mkdir(ADDONUSERDATA)
64 if self.file_exists('msl_data.json'):
65 self.__load_msl_data()
66 self.handshake_performed = True
67 elif self.file_exists('rsa_key.bin'):
68 log('RSA Keys do already exist load old ones')
69 self.__load_rsa_keys()
70 self.__perform_key_handshake()
72 log('Create new RSA Keys')
73 # Create new Key Pair and save
74 self.rsa_key = RSA.generate(2048)
75 self.__save_rsa_keys()
76 self.__perform_key_handshake()
78 def load_manifest(self, viewable_id):
79 manifest_request_data = {
81 'lookupType': 'PREPARE',
82 'viewableIds': [viewable_id],
84 'playready-h264mpl30-dash',
85 'playready-h264mpl31-dash',
93 'drmSystem': 'widevine',
94 'appId': '14673889385265',
96 'pinCapableClient': False,
97 'uiplaycontext': 'null'
99 'sessionId': '14673889385265',
101 'flavor': 'PRE_FETCH',
103 'supportPreviewContent': True,
104 'forceClearStreams': False,
105 'languages': ['de-DE'],
106 'clientVersion': '4.0004.899.011',
109 request_data = self.__generate_msl_request_data(manifest_request_data)
111 resp = self.session.post(self.endpoints['manifest'], request_data)
116 log('MANIFEST RESPONE JSON: '+resp.text)
118 # Maybe we have a CHUNKED response
119 resp = self.__parse_chunked_msl_response(resp.text)
120 data = self.__decrypt_payload_chunk(resp['payloads'][0])
121 # pprint.pprint(data)
122 return self.__tranform_to_dash(data)
125 def get_license(self, challenge, sid):
128 std::time_t t = std::time(0); // t is an integer type
129 licenseRequestData["clientTime"] = (int)t;
130 //licenseRequestData["challengeBase64"] = challengeStr;
131 licenseRequestData["licenseType"] = "STANDARD";
132 licenseRequestData["playbackContextId"] = playbackContextId;//"E1-BQFRAAELEB32o6Se-GFvjwEIbvDydEtfj6zNzEC3qwfweEPAL3gTHHT2V8rS_u1Mc3mw5BWZrUlKYIu4aArdjN8z_Z8t62E5jRjLMdCKMsVhlSJpiQx0MNW4aGqkYz-1lPh85Quo4I_mxVBG5lgd166B5NDizA8.";
133 licenseRequestData["drmContextIds"] = Json::arrayValue;
134 licenseRequestData["drmContextIds"].append(drmContextId);
142 license_request_data = {
144 'licenseType': 'STANDARD',
145 'clientVersion': '4.0004.899.011',
146 'uiVersion': 'akira',
147 'languages': ['de-DE'],
148 'playbackContextId': self.last_playback_context,
149 'drmContextIds': [self.last_drm_context],
151 'dataBase64': challenge,
154 'clientTime': int(time.time()),
155 'xid': int((int(time.time()) + 0.1612) * 1000)
158 request_data = self.__generate_msl_request_data(license_request_data)
160 resp = self.session.post(self.endpoints['license'], request_data)
164 log('LICENSE RESPONE JSON: '+resp.text)
166 # Maybe we have a CHUNKED response
167 resp = self.__parse_chunked_msl_response(resp.text)
168 data = self.__decrypt_payload_chunk(resp['payloads'][0])
169 # pprint.pprint(data)
170 if data['success'] is True:
171 return data['result']['licenses'][0]['data']
176 def __decrypt_payload_chunk(self, payloadchunk):
177 payloadchunk = json.JSONDecoder().decode(payloadchunk)
178 encryption_envelope = json.JSONDecoder().decode(base64.standard_b64decode(payloadchunk['payload']))
180 cipher = AES.new(self.encryption_key, AES.MODE_CBC, base64.standard_b64decode(encryption_envelope['iv']))
181 plaintext = cipher.decrypt(base64.standard_b64decode(encryption_envelope['ciphertext']))
182 # unpad the plaintext
183 plaintext = json.JSONDecoder().decode(Padding.unpad(plaintext, 16))
184 data = plaintext['data']
186 # uncompress data if compressed
187 if plaintext['compressionalgo'] == 'GZIP':
188 data = zlib.decompress(base64.standard_b64decode(data), 16 + zlib.MAX_WBITS)
190 data = base64.standard_b64decode(data)
192 data = json.JSONDecoder().decode(data)[1]['payload']['data']
193 data = base64.standard_b64decode(data)
194 return json.JSONDecoder().decode(data)
197 def __tranform_to_dash(self, manifest):
199 self.save_file('manifest.json', json.dumps(manifest))
200 manifest = manifest['result']['viewables'][0]
202 self.last_playback_context = manifest['playbackContextId']
203 self.last_drm_context = manifest['drmContextId']
207 if 'psshb64' in manifest:
208 if len(manifest['psshb64']) >= 1:
209 pssh = manifest['psshb64'][0]
213 root = ET.Element('MPD')
214 root.attrib['xmlns'] = 'urn:mpeg:dash:schema:mpd:2011'
215 root.attrib['xmlns:cenc'] = 'urn:mpeg:cenc:2013'
218 seconds = manifest['runtime']/1000
219 duration = "PT"+str(seconds)+".00S"
221 period = ET.SubElement(root, 'Period', start='PT0S', duration=duration)
223 # One Adaption Set for Video
224 for video_track in manifest['videoTracks']:
225 video_adaption_set = ET.SubElement(period, 'AdaptationSet', mimeType='video/mp4', contentType="video")
227 protection = ET.SubElement(video_adaption_set, 'ContentProtection',
228 schemeIdUri='urn:uuid:EDEF8BA9-79D6-4ACE-A3C8-27DCD51D21ED')
230 ET.SubElement(protection, 'cenc:pssh').text = pssh
232 for downloadable in video_track['downloadables']:
233 rep = ET.SubElement(video_adaption_set, 'Representation',
234 width=str(downloadable['width']),
235 height=str(downloadable['height']),
236 bandwidth=str(downloadable['bitrate']*1024),
238 mimeType='video/mp4')
241 ET.SubElement(rep, 'BaseURL').text = self.__get_base_url(downloadable['urls'])
242 # Init an Segment block
243 segment_base = ET.SubElement(rep, 'SegmentBase', indexRange="0-60000", indexRangeExact="true")
244 ET.SubElement(segment_base, 'Initialization', range='0-60000')
248 # Multiple Adaption Set for audio
249 for audio_track in manifest['audioTracks']:
250 audio_adaption_set = ET.SubElement(period, 'AdaptationSet',
251 lang=audio_track['bcp47'],
253 mimeType='audio/mp4')
254 for downloadable in audio_track['downloadables']:
255 rep = ET.SubElement(audio_adaption_set, 'Representation',
257 bandwidth=str(downloadable['bitrate']*1024),
258 mimeType='audio/mp4')
261 ET.SubElement(rep, 'AudioChannelConfiguration',
262 schemeIdUri='urn:mpeg:dash:23003:3:audio_channel_configuration:2011',
263 value=str(audio_track['channelsCount']))
266 ET.SubElement(rep, 'BaseURL').text = self.__get_base_url(downloadable['urls'])
268 segment_base = ET.SubElement(rep, 'SegmentBase', indexRange="0-60000", indexRangeExact="true")
269 ET.SubElement(segment_base, 'Initialization', range='0-60000')
272 xml = ET.tostring(root, encoding='utf-8', method='xml')
273 xml = xml.replace('\n', '').replace('\r', '')
276 def __get_base_url(self, urls):
280 def __parse_chunked_msl_response(self, message):
288 while i < len(message):
289 if message[i] == '{':
290 opencount = opencount + 1
291 if message[i] == '}':
292 closecount = closecount + 1
293 if opencount == closecount:
298 payloads.append(message[old_end:i + 1])
306 def __generate_msl_request_data(self, data):
307 header_encryption_envelope = self.__encrypt(self.__generate_msl_header())
309 'headerdata': base64.standard_b64encode(header_encryption_envelope),
310 'signature': self.__sign(header_encryption_envelope),
311 'mastertoken': self.mastertoken,
314 # Serialize the given Data
315 serialized_data = json.dumps(data)
316 serialized_data = serialized_data.replace('"', '\\"')
317 serialized_data = '[{},{"headers":{},"path":"/cbp/cadmium-11","payload":{"data":"' + serialized_data + '"},"query":""}]\n'
319 compressed_data = self.__compress_data(serialized_data)
321 # Create FIRST Payload Chunks
323 "messageid": self.current_message_id,
324 "data": compressed_data,
325 "compressionalgo": "GZIP",
329 first_payload_encryption_envelope = self.__encrypt(json.dumps(first_payload))
330 first_payload_chunk = {
331 'payload': base64.standard_b64encode(first_payload_encryption_envelope),
332 'signature': self.__sign(first_payload_encryption_envelope),
336 # Create Second Payload
338 "messageid": self.current_message_id,
343 second_payload_encryption_envelope = self.__encrypt(json.dumps(second_payload))
344 second_payload_chunk = {
345 'payload': base64.standard_b64encode(second_payload_encryption_envelope),
346 'signature': base64.standard_b64encode(self.__sign(second_payload_encryption_envelope)),
349 request_data = json.dumps(header) + json.dumps(first_payload_chunk) # + json.dumps(second_payload_chunk)
354 def __compress_data(self, data):
357 with gzip.GzipFile(fileobj=out, mode="w") as f:
359 return base64.standard_b64encode(out.getvalue())
362 def __generate_msl_header(self, is_handshake=False, is_key_request=False, compressionalgo="GZIP", encrypt=True):
364 Function that generates a MSL header dict
365 :return: The base64 encoded JSON String of the header
367 self.current_message_id = self.rndm.randint(0, pow(2, 52))
371 'handshake': is_handshake,
372 'nonreplayable': False,
374 'languages': ["en-US"],
375 'compressionalgos': []
377 'recipient': 'Netflix',
379 'messageid': self.current_message_id,
380 'timestamp': 1467733923
383 # Add compression algo if not empty
384 if compressionalgo is not "":
385 header_data['capabilities']['compressionalgos'].append(compressionalgo)
387 # If this is a keyrequest act diffrent then other requests
389 public_key = base64.standard_b64encode(self.rsa_key.publickey().exportKey(format='DER'))
390 header_data['keyrequestdata'] = [{
391 'scheme': 'ASYMMETRIC_WRAPPED',
393 'publickey': public_key,
394 'mechanism': 'JWK_RSA',
395 'keypairid': 'superKeyPair'
399 if 'usertoken' in self.tokens:
402 # Auth via email and password
403 header_data['userauthdata'] = {
404 'scheme': 'EMAIL_PASSWORD',
407 'password': self.password
411 return json.dumps(header_data)
415 def __encrypt(self, plaintext):
417 Encrypt the given Plaintext with the encryption key
419 :return: Serialized JSON String of the encryption Envelope
421 iv = get_random_bytes(16)
422 encryption_envelope = {
424 'keyid': self.esn + '_' + str(self.sequence_number),
426 'iv': base64.standard_b64encode(iv)
429 plaintext = Padding.pad(plaintext, 16)
431 cipher = AES.new(self.encryption_key, AES.MODE_CBC, iv)
432 ciphertext = cipher.encrypt(plaintext)
433 encryption_envelope['ciphertext'] = base64.standard_b64encode(ciphertext)
434 return json.dumps(encryption_envelope)
436 def __sign(self, text):
437 #signature = hmac.new(self.sign_key, text, hashlib.sha256).digest()
438 signature = HMAC(self.sign_key, text, hashlib.sha256).digest()
441 # hmac = HMAC.new(self.sign_key, digestmod=SHA256)
443 return base64.standard_b64encode(signature)
446 def __perform_key_handshake(self):
448 header = self.__generate_msl_header(is_key_request=True, is_handshake=True, compressionalgo="", encrypt=False)
456 'headerdata': base64.standard_b64encode(header),
459 log('Key Handshake Request:')
460 log(json.dumps(request))
463 resp = self.session.post(self.endpoints['manifest'], json.dumps(request, sort_keys=True))
464 if resp.status_code == 200:
466 if 'errordata' in resp:
467 log('Key Exchange failed')
468 log(base64.standard_b64decode(resp['errordata']))
470 self.__parse_crypto_keys(json.JSONDecoder().decode(base64.standard_b64decode(resp['headerdata'])))
472 log('Key Exchange failed')
475 def __parse_crypto_keys(self, headerdata):
476 self.__set_master_token(headerdata['keyresponsedata']['mastertoken'])
478 encrypted_encryption_key = base64.standard_b64decode(headerdata['keyresponsedata']['keydata']['encryptionkey'])
479 encrypted_sign_key = base64.standard_b64decode(headerdata['keyresponsedata']['keydata']['hmackey'])
480 cipher_rsa = PKCS1_OAEP.new(self.rsa_key)
482 # Decrypt encryption key
483 encryption_key_data = json.JSONDecoder().decode(cipher_rsa.decrypt(encrypted_encryption_key))
484 self.encryption_key = base64key_decode(encryption_key_data['k'])
487 sign_key_data = json.JSONDecoder().decode(cipher_rsa.decrypt(encrypted_sign_key))
488 self.sign_key = base64key_decode(sign_key_data['k'])
490 self.__save_msl_data()
491 self.handshake_performed = True
493 def __load_msl_data(self):
494 msl_data = json.JSONDecoder().decode(self.load_file('msl_data.json'))
495 self.__set_master_token(msl_data['tokens']['mastertoken'])
496 self.encryption_key = base64.standard_b64decode(msl_data['encryption_key'])
497 self.sign_key = base64.standard_b64decode(msl_data['sign_key'])
499 def __save_msl_data(self):
501 Saves the keys and tokens in json file
505 "encryption_key": base64.standard_b64encode(self.encryption_key),
506 'sign_key': base64.standard_b64encode(self.sign_key),
508 'mastertoken': self.mastertoken
511 serialized_data = json.JSONEncoder().encode(data)
512 self.save_file('msl_data.json', serialized_data)
514 def __set_master_token(self, master_token):
515 self.mastertoken = master_token
516 self.sequence_number = json.JSONDecoder().decode(base64.standard_b64decode(master_token['tokendata']))[
519 def __load_rsa_keys(self):
520 loaded_key = self.load_file('rsa_key.bin')
521 self.rsa_key = RSA.importKey(loaded_key)
523 def __save_rsa_keys(self):
525 # Get the DER Base64 of the keys
526 encrypted_key = self.rsa_key.exportKey()
527 self.save_file('rsa_key.bin', encrypted_key)
530 def file_exists(filename):
532 Checks if a given file exists
533 :param filename: The filename
536 return os.path.isfile(ADDONUSERDATA + filename)
539 def save_file(filename, content):
541 Saves the given content under given filename
542 :param filename: The filename
543 :param content: The content of the file
545 with open(ADDONUSERDATA + filename, 'w') as file_:
550 def load_file(filename):
552 Loads the content of a given filename
553 :param filename: The file to load
554 :return: The content of the file
556 with open(ADDONUSERDATA + filename) as file_:
557 file_content = file_.read()