From ca6c9fd48812411cfaf8ca39876cb9736e2b8dfc Mon Sep 17 00:00:00 2001 From: Vitaly Gashkov Date: Sun, 27 Oct 2024 23:23:47 +0500 Subject: [PATCH] feat: add cli, library, upgrade extension to manifest v3 and new design --- .gitignore | 32 +- LICENSE | 661 + README.md | 48 +- cli/commands/client/help.ts | 22 + cli/commands/client/index.ts | 6 + cli/commands/client/info.ts | 8 + cli/commands/client/pack.ts | 12 + cli/commands/client/unpack.ts | 13 + cli/commands/license/help.ts | 24 + cli/commands/license/index.ts | 1 + cli/commands/license/license.ts | 25 + cli/main.ts | 108 + cli/utils.ts | 39 + eslint.config.js | 20 + examples/demo/eme.js | 56 + examples/demo/package-lock.json | 22 + examples/demo/package.json | 17 + extension/assets/solid.svg | 1 + extension/entrypoints/background.ts | 127 + extension/entrypoints/content.ts | 50 + extension/entrypoints/injected.tsx | 343 + extension/entrypoints/popup/app.tsx | 75 + .../entrypoints/popup/cell-import-client.tsx | 85 + extension/entrypoints/popup/cell.tsx | 49 + extension/entrypoints/popup/cn.ts | 5 + .../popup/components/switch.module.css | 92 + .../entrypoints/popup/components/switch.tsx | 28 + extension/entrypoints/popup/env.d.ts | 4 + extension/entrypoints/popup/index.html | 13 + extension/entrypoints/popup/main.tsx | 6 + extension/entrypoints/popup/state.ts | 5 + extension/entrypoints/popup/styles.css | 3 + extension/public/icon/128.png | Bin 0 -> 3074 bytes extension/public/icon/16.png | Bin 0 -> 559 bytes extension/public/icon/32.png | Bin 0 -> 916 bytes extension/public/icon/48.png | Bin 0 -> 1334 bytes extension/public/icon/96.png | Bin 0 -> 2366 bytes extension/public/wxt.svg | 15 + extension/utils/storage/index.ts | 1 + extension/utils/storage/storage.ts | 21 + extension/utils/storage/utils.ts | 35 + icon128.png | Bin 4514 -> 0 bytes icon16.png | Bin 1070 -> 0 bytes icon48.png | Bin 1936 -> 0 bytes lib/buffer.ts | 88 + lib/certificate.ts | 95 + lib/client.ts | 238 + lib/cmac.ts | 123 + lib/context.ts | 52 + lib/converters.ts | 71 + lib/crypto.ts | 170 + lib/http.ts | 44 + lib/index.ts | 1 + lib/key.ts | 65 + lib/main.ts | 73 + lib/message.ts | 35 + lib/proto/index.ts | 1 + lib/proto/license_protocol.pb.d.ts | 3675 +++++ lib/proto/license_protocol.pb.js | 11230 ++++++++++++++ lib/pssh.ts | 76 + lib/session.ts | 272 + lib/wvd.ts | 145 + manifest.json | 33 - package-lock.json | 12223 ++++++++++++++++ package.json | 100 + postcss.config.js | 7 + prettier.config.js | 8 + src/content.js | 22 - src/drm.js | 65 - src/worker.js | 210 - tailwind.config.ts | 14 + test/certificate.test.ts | 26 + test/client.test.ts | 45 + test/eme.test.ts | 66 + test/keys.test.ts | 32 + test/utils.ts | 27 + tsconfig.json | 19 + vitest.config.ts | 6 + wxt.config.ts | 29 + 79 files changed, 31118 insertions(+), 340 deletions(-) create mode 100644 LICENSE create mode 100644 cli/commands/client/help.ts create mode 100644 cli/commands/client/index.ts create mode 100644 cli/commands/client/info.ts create mode 100644 cli/commands/client/pack.ts create mode 100644 cli/commands/client/unpack.ts create mode 100644 cli/commands/license/help.ts create mode 100644 cli/commands/license/index.ts create mode 100644 cli/commands/license/license.ts create mode 100644 cli/main.ts create mode 100644 cli/utils.ts create mode 100644 eslint.config.js create mode 100644 examples/demo/eme.js create mode 100644 examples/demo/package-lock.json create mode 100644 examples/demo/package.json create mode 100644 extension/assets/solid.svg create mode 100644 extension/entrypoints/background.ts create mode 100644 extension/entrypoints/content.ts create mode 100644 extension/entrypoints/injected.tsx create mode 100644 extension/entrypoints/popup/app.tsx create mode 100644 extension/entrypoints/popup/cell-import-client.tsx create mode 100644 extension/entrypoints/popup/cell.tsx create mode 100644 extension/entrypoints/popup/cn.ts create mode 100644 extension/entrypoints/popup/components/switch.module.css create mode 100644 extension/entrypoints/popup/components/switch.tsx create mode 100644 extension/entrypoints/popup/env.d.ts create mode 100644 extension/entrypoints/popup/index.html create mode 100644 extension/entrypoints/popup/main.tsx create mode 100644 extension/entrypoints/popup/state.ts create mode 100644 extension/entrypoints/popup/styles.css create mode 100644 extension/public/icon/128.png create mode 100644 extension/public/icon/16.png create mode 100644 extension/public/icon/32.png create mode 100644 extension/public/icon/48.png create mode 100644 extension/public/icon/96.png create mode 100644 extension/public/wxt.svg create mode 100644 extension/utils/storage/index.ts create mode 100644 extension/utils/storage/storage.ts create mode 100644 extension/utils/storage/utils.ts delete mode 100644 icon128.png delete mode 100644 icon16.png delete mode 100644 icon48.png create mode 100644 lib/buffer.ts create mode 100644 lib/certificate.ts create mode 100644 lib/client.ts create mode 100644 lib/cmac.ts create mode 100644 lib/context.ts create mode 100644 lib/converters.ts create mode 100644 lib/crypto.ts create mode 100644 lib/http.ts create mode 100644 lib/index.ts create mode 100644 lib/key.ts create mode 100644 lib/main.ts create mode 100644 lib/message.ts create mode 100644 lib/proto/index.ts create mode 100644 lib/proto/license_protocol.pb.d.ts create mode 100755 lib/proto/license_protocol.pb.js create mode 100644 lib/pssh.ts create mode 100644 lib/session.ts create mode 100644 lib/wvd.ts delete mode 100644 manifest.json create mode 100644 package-lock.json create mode 100644 package.json create mode 100644 postcss.config.js create mode 100644 prettier.config.js delete mode 100644 src/content.js delete mode 100644 src/drm.js delete mode 100644 src/worker.js create mode 100644 tailwind.config.ts create mode 100644 test/certificate.test.ts create mode 100644 test/client.test.ts create mode 100644 test/eme.test.ts create mode 100644 test/keys.test.ts create mode 100644 test/utils.ts create mode 100644 tsconfig.json create mode 100644 vitest.config.ts create mode 100644 wxt.config.ts diff --git a/.gitignore b/.gitignore index fdfad1e..b29fadf 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,31 @@ +# Logs +logs +*.log +npm-debug.log* +yarn-debug.log* +yarn-error.log* +pnpm-debug.log* +lerna-debug.log* + +node_modules +.output +stats.html +stats-*.json +.wxt +web-ext.config.ts +dist + +# Editor directories and files +.vscode/* +!.vscode/extensions.json +.idea .DS_Store -streamyx-extension.crx -streamyx-extension.pem +*.suo +*.ntvs* +*.njsproj +*.sln +*.sw? + +device_client_id_blob +device_private_key +*.wvd diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..0d0e595 --- /dev/null +++ b/LICENSE @@ -0,0 +1,661 @@ + GNU AFFERO GENERAL PUBLIC LICENSE + Version 3, 19 November 2007 + +Copyright (C) 2007 Free Software Foundation, Inc. +Everyone is permitted to copy and distribute verbatim copies +of this license document, but changing it is not allowed. + + Preamble + +The GNU Affero General Public License is a free, copyleft license for +software and other kinds of works, specifically designed to ensure +cooperation with the community in the case of network server software. + +The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +our General Public Licenses are intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. + +When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + +Developers that use our General Public Licenses protect your rights +with two steps: (1) assert copyright on the software, and (2) offer +you this License which gives you legal permission to copy, distribute +and/or modify the software. + +A secondary benefit of defending all users' freedom is that +improvements made in alternate versions of the program, if they +receive widespread use, become available for other developers to +incorporate. Many developers of free software are heartened and +encouraged by the resulting cooperation. However, in the case of +software used on network servers, this result may fail to come about. +The GNU General Public License permits making a modified version and +letting the public access it on a server without ever releasing its +source code to the public. + +The GNU Affero General Public License is designed specifically to +ensure that, in such cases, the modified source code becomes available +to the community. It requires the operator of a network server to +provide the source code of the modified version running there to the +users of that server. Therefore, public use of a modified version, on +a publicly accessible server, gives the public access to the source +code of the modified version. + +An older license, called the Affero General Public License and +published by Affero, was designed to accomplish similar goals. This is +a different license, not a version of the Affero GPL, but Affero has +released a new version of the Affero GPL which permits relicensing under +this license. + +The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + +0. Definitions. + +"This License" refers to version 3 of the GNU Affero General Public License. + +"Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + +"The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + +To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + +A "covered work" means either the unmodified Program or a work based +on the Program. + +To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + +To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + +An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + +1. Source Code. + +The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + +A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + +The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + +The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + +The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + +The Corresponding Source for a work in source code form is that +same work. + +2. Basic Permissions. + +All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + +You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + +Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + +3. Protecting Users' Legal Rights From Anti-Circumvention Law. + +No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + +When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + +4. Conveying Verbatim Copies. + +You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + +You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + +5. Conveying Modified Source Versions. + +You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + +A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + +6. Conveying Non-Source Forms. + +You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + +A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + +A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + +"Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + +If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + +The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + +Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + +7. Additional Terms. + +"Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + +When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + +Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + +All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + +If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + +Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + +8. Termination. + +You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + +However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + +Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + +Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + +9. Acceptance Not Required for Having Copies. + +You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + +10. Automatic Licensing of Downstream Recipients. + +Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + +An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + +You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + +11. Patents. + +A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + +A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + +Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + +In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + +If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + +If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + +A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + +Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + +12. No Surrender of Others' Freedom. + +If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + +13. Remote Network Interaction; Use with the GNU General Public License. + +Notwithstanding any other provision of this License, if you modify the +Program, your modified version must prominently offer all users +interacting with it remotely through a computer network (if your version +supports such interaction) an opportunity to receive the Corresponding +Source of your version by providing access to the Corresponding Source +from a network server at no charge, through some standard or customary +means of facilitating copying of software. This Corresponding Source +shall include the Corresponding Source for any work covered by version 3 +of the GNU General Public License that is incorporated pursuant to the +following paragraph. + +Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the work with which it is combined will remain governed by version +3 of the GNU General Public License. + +14. Revised Versions of this License. + +The Free Software Foundation may publish revised and/or new versions of +the GNU Affero General Public License from time to time. Such new versions +will be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU Affero General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU Affero General Public License, you may choose any version ever published +by the Free Software Foundation. + +If the Program specifies that a proxy can decide which future +versions of the GNU Affero General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + +Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + +15. Disclaimer of Warranty. + +THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + +16. Limitation of Liability. + +IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + +17. Interpretation of Sections 15 and 16. + +If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + +If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + +To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + azot - media drm toolkit + Copyright (C) 2024 Vitaly Gashkov + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + +If your software can interact with users remotely through a computer +network, you should also make sure that it provides a way for users to +get its source. For example, if your program is a web application, its +interface could display a "Source" link that leads users to an archive +of the code. There are many ways you could offer source, and different +solutions will be better for different programs; see section 13 for the +specific requirements. + +You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU AGPL, see +. diff --git a/README.md b/README.md index 4125b05..8f06c67 100644 --- a/README.md +++ b/README.md @@ -1,16 +1,48 @@ -# Streamyx Chrome Extension +# azot -Intercept [DRM](https://www.widevine.com/) requests, view logs from [EME](https://w3c.github.io/encrypted-media/) session and copy ready commands for [Streamyx CLI](https://github.com/vitalygashkov/streamyx) +Azot (Russian word for "nitrogen", pronounced `/azо́t/`) is a set of tools (JavaScript library, command-line utility and browser extension) for diagnosing, researching, and pentesting [Google's](https://about.google/) [Widevine](https://www.widevine.com/about) [DRM](https://www.urbandictionary.com/define.php?term=DRM). + +## Features + +- **Network-independent interception**: everything works even with one-time tokens and custom request body/response format. +- **Custom client support**: WVD v2, device_client_id_blob + device_private_key, client_id.bin + private_key.pem +- **Logging** details from EME events in Developer Tools console of current page +- **Manifest V3** compliant browser extension +- **Converting clients** between formats via CLI +- **Encrypted Media Extensions API** compatibility via `requestMediaKeySystemAccess()` method +- **Runtime agnostic** core: works in Node.js, Bun, Deno, browsers and more +- **Minimal** dependencies ## Installation -1. Enable **Developer Mode** in [Chrome Extensions](chrome://extensions/) +> JavaScript library and command-line tool installation requires pre-installed JavaScript runtime (e.g. Node.js). + +### JavaScript library + +```bash +npm install azot +``` + +### Command-line tool + +```bash +npm install -g azot +``` + +### Browser extension + +1. Enable **Developer Mode** in [Chrome Extensions](chrome://extensions/) page 2. Click on **Load Unpacked** -3. Select folder where you extracted zip downloaded from [Releases](https://github.com/vitalygashkov/streamyx-extension/releases) page +3. Select folder where you extracted zip downloaded from [Releases](https://github.com/vitalygashkov/azot/releases) page 4. Done! -## Features +## Usage + +### Example with Encrypted Media Extensions API + +Source code for example available [here](https://github.com/vitalygashkov/orlan/blob/main/examples/demo/eme.js). It's a minimal example of using `azot` to get a license for Bitmovin's Art of Motion Demo. This example similar to [example from EME](https://www.w3.org/TR/encrypted-media-2/#example-8). + +There are some differences from the native EME implementation: -- **Notifications** about intercepted request with button to **copy Streamyx command** for your shell (run it using [Streamyx](https://github.com/vitalygashkov/streamyx) >= v4.0.0-beta.46 to extract content decryption keys) -- [Encrypted Media Extensions (EME)](https://w3c.github.io/encrypted-media/) logging in Developer Tools console (**session ID, key ID, PSSH**, etc.) -- Request **blocking** to catch license requests with disposable / one time tokens (you can add your own list of servers to block in `./src/worker.js`) +1. You must import your Widevine client to obtain a license. +2. In the `keyStatuses` field, Map's key is not just the key ID (like in EME), but pair with ID and value. For example, if key ID in HEX is `35e7eff366b24121a261832f3368146f` and content key itself is `f01471043a064e039a602346845b690f` then Map's key will be `35e7eff366b24121a261832f3368146f:f01471043a064e039a602346845b690f` (but as binary with `BufferSource` type) instead of just `35e7eff366b24121a261832f3368146f`. diff --git a/cli/commands/client/help.ts b/cli/commands/client/help.ts new file mode 100644 index 0000000..dd837e1 --- /dev/null +++ b/cli/commands/client/help.ts @@ -0,0 +1,22 @@ +import { col } from '../../utils'; + +export const help = () => { + console.log(`azot client: Widevine client utilities\n`); + console.log(`Usage: azot client [...flags]\n`); + console.log(`Commands:`); + console.log( + col(`info `) + + 'print info about client that is on path (*.wvd filepath or directory with id and private key)', + ); + console.log( + col(`pack `) + + 'pack client id and private key from directory into single *.wvd file with path', + ); + console.log( + col(`unpack `) + + 'unpack *.wvd from path to separate client id and private key placed in directory', + ); + console.log(''); + console.log(`Flags:`); + console.log(col(`-h, --help`) + 'Display this menu and exit'); +}; diff --git a/cli/commands/client/index.ts b/cli/commands/client/index.ts new file mode 100644 index 0000000..9de0424 --- /dev/null +++ b/cli/commands/client/index.ts @@ -0,0 +1,6 @@ +import { help } from './help'; +import { info } from './info'; +import { pack } from './pack'; +import { unpack } from './unpack'; + +export const client = { info, pack, unpack, help }; diff --git a/cli/commands/client/info.ts b/cli/commands/client/info.ts new file mode 100644 index 0000000..29b5927 --- /dev/null +++ b/cli/commands/client/info.ts @@ -0,0 +1,8 @@ +import { importClient } from '../../utils'; + +export const info = async (input: string) => { + const client = await importClient(input); + for (const [key, value] of client.info.entries()) { + console.log(`${key}: ${value}`); + } +}; diff --git a/cli/commands/client/pack.ts b/cli/commands/client/pack.ts new file mode 100644 index 0000000..b1b782d --- /dev/null +++ b/cli/commands/client/pack.ts @@ -0,0 +1,12 @@ +import { writeFile } from 'node:fs/promises'; +import { join } from 'node:path'; +import { importClient } from '../../utils'; + +export const pack = async (input = process.cwd(), output?: string) => { + const client = await importClient(input); + const wvd = await client.toWvd(); + const wvdName = `${client.info.get('company_name')}_${client.info.get('model_name')}`; + const wvdOutput = output || join(process.cwd(), `${wvdName}.wvd`); + await writeFile(wvdOutput, wvd); + console.log(`Client packed: ${wvdOutput}`); +}; diff --git a/cli/commands/client/unpack.ts b/cli/commands/client/unpack.ts new file mode 100644 index 0000000..0d7e72a --- /dev/null +++ b/cli/commands/client/unpack.ts @@ -0,0 +1,13 @@ +import { writeFile } from 'node:fs/promises'; +import { join } from 'node:path'; +import { importClient } from '../../utils'; + +export const unpack = async (input = process.cwd(), output?: string) => { + const client = await importClient(input); + const [id, key] = await client.toPair(); + const idOutput = join(output || process.cwd(), `device_client_id_blob`); + const keyOutput = join(output || process.cwd(), `device_private_key`); + await writeFile(idOutput, id); + await writeFile(keyOutput, key); + console.log(`Client unpacked: ${idOutput}, ${keyOutput}`); +}; diff --git a/cli/commands/license/help.ts b/cli/commands/license/help.ts new file mode 100644 index 0000000..d6632b1 --- /dev/null +++ b/cli/commands/license/help.ts @@ -0,0 +1,24 @@ +import { col } from '../../utils'; + +export const help = () => { + console.log(`azot license: Make license request\n`); + console.log(`Usage: azot license [...flags]\n`); + console.log(`Commands:`); + console.log( + col(``) + + 'URL of license server (e.g. https://cwip-shaka-proxy.appspot.com/no_auth)', + ); + console.log(''); + console.log(`Flags:`); + console.log(col(`-H, --header`) + 'headers to send with license request'); + console.log(col(`-p, --pssh`) + 'widevine PSSH data in Base64'); + console.log( + col(`-c, --client`) + + 'path to client (directory with id and private key or path to *.wvd file)', + ); + console.log( + col(`-e, --encrypt`) + + 'enable client encryption with service certificate, disabled by default', + ); + console.log(col(`-h, --help`) + 'display this menu and exit'); +}; diff --git a/cli/commands/license/index.ts b/cli/commands/license/index.ts new file mode 100644 index 0000000..2cce621 --- /dev/null +++ b/cli/commands/license/index.ts @@ -0,0 +1 @@ +export * from './license'; diff --git a/cli/commands/license/license.ts b/cli/commands/license/license.ts new file mode 100644 index 0000000..77cb48b --- /dev/null +++ b/cli/commands/license/license.ts @@ -0,0 +1,25 @@ +import { fetchDecryptionKeys } from '@azot/lib'; +import { importClient } from '../../utils'; +import { help } from './help'; + +type LicenseCommandParams = { + url: string; + pssh: string; + clientPath?: string; + encrypt?: boolean; + headers?: string[]; +}; + +export const license = async (params: LicenseCommandParams) => { + const keys = await fetchDecryptionKeys({ + server: params.url, + pssh: params.pssh, + client: await importClient(params.clientPath || process.cwd()), + }); + for (const key of keys) { + console.log(`${key.id}:${key.value}`); + } + return keys; +}; + +license.help = help; diff --git a/cli/main.ts b/cli/main.ts new file mode 100644 index 0000000..5457c7d --- /dev/null +++ b/cli/main.ts @@ -0,0 +1,108 @@ +#!/usr/bin/env node + +import { parseArgs } from 'node:util'; +import { client } from './commands/client'; +import { license } from './commands/license'; +import pkg from '../package.json' with { type: 'json' }; +import { col } from './utils'; + +const args = parseArgs({ + args: process.argv.slice(2), + options: { + pssh: { type: 'string', short: 'p' }, + client: { type: 'string', short: 'c' }, + encrypt: { type: 'boolean', short: 'e', default: false }, + header: { type: 'string', short: 'H', multiple: true }, + help: { type: 'boolean', short: 'h' }, + version: { type: 'boolean', short: 'v' }, + debug: { type: 'boolean', short: 'd' }, + }, + strict: false, + allowPositionals: true, +}); + +const help = () => { + console.log( + `Azot is a research & pentesting toolkit for Google's Widevine DRM. (${pkg.version})\n`, + ); + console.log(`Usage: azot [...flags]\n`); + console.log(`Commands:`); + console.log(col(`license `) + 'Make a license request'); + console.log( + col(`client `) + 'Additional Widevine client utilities', + ); + console.log(''); + console.log(`Flags:`); + console.log(col(`-d, --debug`) + 'Enable debug level logging'); + console.log(col(`-v, --version`) + 'Print version and exit'); + console.log(col(`-h, --help`) + 'Display this menu and exit'); + console.log(''); + console.log(`(more flags in azot license --help and azot client --help)`); +}; + +(async () => { + if (args.values.version) { + console.log(pkg.version); + process.exit(0); + } + + const [command, ...positionals] = args.positionals; + + switch (command) { + case 'client': { + const subcommand = positionals.shift(); + const [input, output] = positionals; + switch (subcommand) { + case 'pack': + client.pack(input, output); + break; + case 'unpack': + client.unpack(input, output); + break; + case 'info': + client.info(input); + break; + default: { + if (args.values.help) { + client.help(); + process.exit(0); + } else { + console.log('Client subcommand required: pack, unpack, info'); + process.exit(1); + } + } + } + break; + } + case 'license': { + if (args.values.help) { + license.help(); + process.exit(0); + } + const url = positionals.shift(); + if (!url) throw new Error('License URL required'); + const pssh = args.values.pssh as string; + if (!pssh) throw new Error('PSSH required'); + const clientPath = args.values.client as string; + const encrypt = args.values.encrypt as boolean; + const headers = args.values.header as string[]; + await license({ url, pssh, clientPath, encrypt, headers }); + break; + } + case 'pssh': + break; + case 'serve': + break; + case 'test': + break; + default: { + if (args.values.help) { + help(); + process.exit(0); + } else { + console.log('Command not found'); + process.exit(1); + } + } + } +})(); diff --git a/cli/utils.ts b/cli/utils.ts new file mode 100644 index 0000000..a51dfb9 --- /dev/null +++ b/cli/utils.ts @@ -0,0 +1,39 @@ +import { readdir, readFile, stat } from 'node:fs/promises'; +import { join } from 'node:path'; +import { Client } from '../lib'; + +export const importClient = async (input: string) => { + const inputStat = await stat(input); + const isDir = inputStat.isDirectory(); + if (isDir) { + const entries = isDir ? await readdir(input) : []; + const idFilename = entries.find((entry) => entry.includes('client_id')); + const keyFilename = entries.find((entry) => entry.includes('private_key')); + const wvdFilename = entries.find((entry) => entry.endsWith('wvd')); + const isUnpacked = !!(idFilename && keyFilename); + const isPacked = !!wvdFilename; + if (isUnpacked) { + const idPath = join(input, idFilename); + const keyPath = join(input, keyFilename); + const id = await readFile(idPath); + const key = await readFile(keyPath); + return Client.fromPair(id, key); + } else if (isPacked) { + const wvdPath = join(input, wvdFilename); + const wvd = await readFile(wvdPath); + return await Client.fromWvd(wvd); + } else { + console.log(`Unable to find client files in ${input}`); + process.exit(1); + } + } else if (input.endsWith('.wvd')) { + const wvd = await readFile(input); + return Client.fromWvd(wvd); + } else { + console.log(`Unable to find client files in ${input}`); + process.exit(1); + } +}; + +export const col = (str: string, offset = 2, width = 30) => + `${' '.repeat(offset)}${str.padEnd(width)}`; diff --git a/eslint.config.js b/eslint.config.js new file mode 100644 index 0000000..a1601a9 --- /dev/null +++ b/eslint.config.js @@ -0,0 +1,20 @@ +import globals from 'globals'; +import pluginJs from '@eslint/js'; +import tseslint from 'typescript-eslint'; +import eslintPluginPrettierRecommended from 'eslint-plugin-prettier/recommended'; + +export default [ + { ignores: ['lib/proto/*', 'dist/*'] }, + { files: ['**/*.{js,mjs,cjs,ts}'] }, + { files: ['**/*.js'], languageOptions: { sourceType: 'commonjs' } }, + { languageOptions: { globals: { ...globals.browser, ...globals.node } } }, + pluginJs.configs.recommended, + ...tseslint.configs.recommended, + eslintPluginPrettierRecommended, + { + rules: { + 'no-empty': 'off', + '@typescript-eslint/no-unused-vars': ['error', { caughtErrors: 'none' }], + }, + }, +]; diff --git a/examples/demo/eme.js b/examples/demo/eme.js new file mode 100644 index 0000000..1e49f5c --- /dev/null +++ b/examples/demo/eme.js @@ -0,0 +1,56 @@ +import { readFile } from 'node:fs/promises'; +import { Client, fromBase64, fromBuffer } from 'azot'; + +(async () => { + const licenseUrl = 'https://cwip-shaka-proxy.appspot.com/no_auth'; + const pssh = + 'AAAAW3Bzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAADsIARIQ62dqu8s0Xpa7z2FmMPGj2hoNd2lkZXZpbmVfdGVzdCIQZmtqM2xqYVNkZmFsa3IzaioCSEQyAA=='; + + // If you have device_client_id_blob and device_private_key files + // const id = await readFile('device_client_id_blob'); + // const key = await readFile('device_private_key'); + // const client = await Client.fromPair(id, key); + + // If you have *.wvd file + const wvd = await readFile('client.wvd'); + const client = await Client.fromWvd(wvd); + + const initDataType = 'cenc'; + const initData = fromBase64(pssh).toBuffer(); + + const keySystemAccess = client.requestMediaKeySystemAccess( + 'com.widevine.alpha', + [], + ); + const mediaKeys = await keySystemAccess.createMediaKeys(); + const session = mediaKeys.createSession(); + + session.addEventListener( + 'message', + async (event) => { + const response = await fetch(licenseUrl, { + body: event.message, + method: 'POST', + }); + const data = await response + .arrayBuffer() + .then((buffer) => new Uint8Array(buffer)); + session.update(data); + }, + false, + ); + + session.addEventListener( + 'keystatuseschange', + () => { + const keys = Array.from(session.keyStatuses.keys()); + for (const key of keys) { + const [id, value] = fromBuffer(key).toText().split(':'); + console.log(`${id}:${value}`); + } + }, + false, + ); + + await session.generateRequest(initDataType, initData); +})(); diff --git a/examples/demo/package-lock.json b/examples/demo/package-lock.json new file mode 100644 index 0000000..1eb4ceb --- /dev/null +++ b/examples/demo/package-lock.json @@ -0,0 +1,22 @@ +{ + "name": "azot-example", + "version": "1.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "azot-example", + "version": "1.0.0", + "license": "ISC", + "dependencies": { + "azot": "^0.0.1" + } + }, + "node_modules/azot": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/azot/-/azot-0.0.1.tgz", + "integrity": "sha512-qd8VtuBJgy0yXxL4BW8H/Kn5Ck4542mqkbvyHjHn3Bn8kY/tpTxvsz8BE8QdBoLE3k3xi0guMiujwnhh+mEeUw==", + "license": "ISC" + } + } +} diff --git a/examples/demo/package.json b/examples/demo/package.json new file mode 100644 index 0000000..fd8bde8 --- /dev/null +++ b/examples/demo/package.json @@ -0,0 +1,17 @@ +{ + "name": "azot-example", + "version": "1.0.0", + "private": true, + "main": "eme.js", + "type": "module", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "keywords": [], + "author": "", + "license": "ISC", + "description": "", + "dependencies": { + "azot": "^0.0.1" + } +} diff --git a/extension/assets/solid.svg b/extension/assets/solid.svg new file mode 100644 index 0000000..8a8988c --- /dev/null +++ b/extension/assets/solid.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/extension/entrypoints/background.ts b/extension/entrypoints/background.ts new file mode 100644 index 0000000..eaa7ac7 --- /dev/null +++ b/extension/entrypoints/background.ts @@ -0,0 +1,127 @@ +import { Client, convert } from '@azot/lib'; +import { getMessageType } from '@azot/lib/message'; +import { appStorage } from '@/utils/storage'; + +export default defineBackground({ + type: 'module', + main: () => { + const state: { + client: Client | null; + sessions: Map; + } = { + client: null, + sessions: new Map(), + }; + const events = new Map(); + + const loadClient = async () => { + if (state.client) return state.client; + console.log('[azot] Loading Widevine client...'); + state.client = await appStorage.client.getValue(); + if (state.client) { + console.log('[azot] Widevine client loaded'); + return state.client; + } else { + return console.log('[azot] Unable to load client'); + } + }; + + console.log('[azot] Background service worker started', { + id: browser.runtime.id, + }); + + const parseBinary = (data: Record) => + new Uint8Array(Object.values(data)); + + chrome.runtime.onMessage.addListener((message, sender, sendResponse) => { + (async () => { + console.log('[azot] Received message', message); + + const client = await loadClient(); + if (!client) return; + + const keySystem = client.requestMediaKeySystemAccess( + 'com.widevine.alpha', + [], + ); + const mediaKeys = await keySystem.createMediaKeys(); + + if (message.action === 'generateRequest') { + const { initDataType, initData } = message; + const keySession = mediaKeys.createSession(); + state.sessions.set(initData, keySession); + if (!events.has(keySession.sessionId)) + events.set(keySession.sessionId, []); + keySession.addEventListener( + 'message', + (event: MediaKeyMessageEvent) => { + console.log(event); + events.get(keySession.sessionId)?.push(event); + }, + false, + ); + await keySession.generateRequest(initDataType, initData); + sendResponse(); + } else if (message.action === 'individualization-request') { + // TODO: Handle individualization request + sendResponse(); + } else if (message.action === 'license-request') { + const { initData } = message; + const session = state.sessions.get(initData); + console.log('[azot] Received message license-request', session); + if (!session) return; + const event = events + .get(session.sessionId) + ?.find((e) => e.messageType === 'license-request'); + if (!event?.message) return console.log(`[azot] No message`); + const messageBase64 = convert + .bytes(new Uint8Array(event.message)) + .toBase64(); + console.log(events.get(session.sessionId)); + console.log(`[azot] Sending challenge`, messageBase64, event); + sendResponse(messageBase64); + } else if (message.action === 'update') { + const { initData } = message; + const type = getMessageType(parseBinary(message.message)); + const serviceCertificateMessageType = 5; + const isServiceCertificate = type === serviceCertificateMessageType; + // if (type === serviceCertificateMessageType) { + // console.log('[azot] Service certificate. Skipping'); + // sendResponse(); + // } + const session = state.sessions.get(initData); + if (!session) { + console.log('[azot] Unable to find session'); + sendResponse(); + } + if (isServiceCertificate) { + session?.update(parseBinary(message.message)); + sendResponse(); + } else { + session?.addEventListener( + 'keystatuseschange', + (event) => { + const keySession = event.target as MediaKeySession; + const toPair = (key: Uint8Array) => + convert.bytes(key).toText().split(':') as [ + id: string, + value: string, + ]; + const keys = Array.from( + keySession.keyStatuses.keys(), + ) as unknown as Uint8Array[]; + const results = keys.map((key) => toPair(key)); + console.log('[azot] Received keys', results); + appStorage.keys.setValue(results); + sendResponse({ keys: results }); + }, + false, + ); + await session?.update(parseBinary(message.message)); + } + } + })(); + return true; + }); + }, +}); diff --git a/extension/entrypoints/content.ts b/extension/entrypoints/content.ts new file mode 100644 index 0000000..f28ee1b --- /dev/null +++ b/extension/entrypoints/content.ts @@ -0,0 +1,50 @@ +import { appStorage } from '@/utils/storage'; + +const inject = async (script: string) => { + return new Promise((resolve) => { + const element = document.createElement('script'); + element.type = 'text/javascript'; + element.src = chrome.runtime.getURL(script); + element.onload = function () { + element.remove(); + resolve(true); + }; + (document.head || document.documentElement).appendChild(element); + }); +}; + +export default defineContentScript({ + matches: [ + 'https://*.qq.com/*', + 'https://*.wetv.vip/*', + 'https://*.bitmovin.com/*', + 'https://*.wink.ru/*', + ], + runAt: 'document_start', + allFrames: true, + async main(ctx) { + // Checking if extension enabled + const enabled = await appStorage.enabled.getValue(); + if (enabled) console.log(`[azot] Injecting...`); + else return console.log(`[azot] Injecting disabled`); + + // Injecting script into current page + inject('injected.js'); + + // Listen for event from injected script + window.addEventListener( + 'message', + (event) => { + if (event.source != window) return; + if (event.data.type !== 'drm-message') return; + if (!event.data.log) return; + chrome.runtime.sendMessage(event.data.log).then((response) => { + window.dispatchEvent( + new CustomEvent('drm-message-response', { detail: response }), + ); + }); + }, + false, + ); + }, +}); diff --git a/extension/entrypoints/injected.tsx b/extension/entrypoints/injected.tsx new file mode 100644 index 0000000..e9cef00 --- /dev/null +++ b/extension/entrypoints/injected.tsx @@ -0,0 +1,343 @@ +declare global { + interface MediaKeySession { + initData?: string; + initDataType?: string; + messages?: Map; + } +} + +export default defineUnlistedScript(() => { + const base64 = { + parse: (s: any) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0)), + stringify: (b: any) => btoa(String.fromCharCode(...new Uint8Array(b))), + }; + + const send = async (data: any) => { + window.postMessage({ type: 'drm-message', log: data }, '*'); + return new Promise((resolve) => { + window.addEventListener( + 'drm-message-response', + (event) => resolve((event as any).detail), + false, + ); + }); + }; + + const patchEncryptedMediaExtensions = async () => { + const onGenerateRequest = async ( + initDataType: string, + initData: BufferSource, + session: MediaKeySession, + ) => { + session.initDataType = initDataType; + session.initData = base64.stringify(initData); + session.messages = new Map(); + send({ + action: 'generateRequest', + sessionId: session.sessionId, + initDataType, + initData: session.initData, + }); + + console.groupCollapsed(`[azot] [${session.sessionId}] Generated request`); + console.log(`Initialization Data Type: ${session.initDataType}`); + console.log(`Initialization Data (PSSH): ${session.initData}`); + console.groupEnd(); + }; + + const onKeyStatusesChange = async (session: MediaKeySession) => { + console.groupCollapsed( + `[azot] [${session.sessionId}] Key statuses changed`, + ); + console.log(`Initialization data type: ${session.initDataType}`); + console.log(`Initialization data (PSSH): ${session.initData}`); + console.log(`Keys count: ${session.keyStatuses.size}`); + console.groupEnd(); + return; + }; + + const onMessage = async (event: Event) => { + const { type, message, messageType } = event as MediaKeyMessageEvent; + const session = event.target as MediaKeySession; + if (type === 'keystatuseschange') return onKeyStatusesChange(session); + session.messages?.set(messageType, base64.stringify(message)); + + console.groupCollapsed( + `[azot] [${session.sessionId}] New message from browser CDM: ${messageType}`, + ); + console.log(`Initialization data type: ${session.initDataType}`); + console.log(`Initialization data (PSSH): ${session.initData}`); + console.log(`Message type: ${messageType}`); + console.log(`Message: ${session.messages?.get(messageType)}`); + console.groupEnd(); + + if (['license-release', 'license-renewal'].includes(messageType)) return; + const response = await send({ + action: messageType, + initData: session.initData, + initDataType: session.initDataType, + message: session.messages?.get(messageType), + }); + if (!response) return null; + + const challenge = base64.parse(response); + + console.groupCollapsed( + `[azot] [${session.sessionId}] Swapping a message from CDM with ours`, + ); + console.log(`Initialization data type: ${session.initDataType}`); + console.log(`Initialization data (PSSH): ${session.initData}`); + console.log(`Message type: ${messageType}`); + console.log( + `Message from browser CDM: ${session.messages?.get(messageType)}`, + ); + console.log(`Message from our CDM: ${response}`); + console.groupEnd(); + + const createMessageEvent = ( + session: MediaKeySession, + data: ArrayBuffer | Uint8Array, + dataType: MediaKeyMessageType, + ) => { + class FakeMediaKeyMessageEvent { + constructor( + public type = 'message', + public isTrusted = true, + public currentTarget = session, + public srcElement = session, + public target = session, + public message = ArrayBuffer.isView(data) ? data.buffer : data, + public messageType = dataType, + ) {} + } + return new FakeMediaKeyMessageEvent() as unknown as MediaKeyMessageEvent; + }; + return createMessageEvent(session, challenge, messageType); + }; + + const onUpdate = async ( + response: BufferSource, + session: MediaKeySession, + ): Promise => { + const sessionId = session.sessionId; + const message = new Uint8Array( + ArrayBuffer.isView(response) ? response.buffer : response, + ); + const messageBase64 = base64.stringify(message); + + console.groupCollapsed( + `[azot] [${session.sessionId}] Update session with response`, + ); + console.log(`Initialization data type: ${session.initDataType}`); + console.log(`Initialization data (PSSH): ${session.initData}`); + console.log(`Response: ${messageBase64}`); + console.groupEnd(); + + const result = await send({ + sessionId, + action: 'update', + initData: session.initData, + initDataType: session.initDataType, + message, + messageBase64, + }); + + if (result) { + const { keys } = result; + console.groupCollapsed( + `[azot] [${session.sessionId}] Received keys from our CDM`, + ); + for (const [id, value] of keys) console.log(`${id}:${value}`); + console.groupEnd(); + } + return; + }; + + function interceptProperty< + T extends Record, + K extends keyof T, + >( + object: T, + key: K, + handlers: { + get?: (target: T, value: T[K]) => T[K]; + set?: (target: T, value: T[K]) => void; + call?: ( + target: T[K], + thisArg: T, + argArray: Parameters, + ) => ReturnType; + }, + ) { + // Get the original descriptor if it exists + const originalDescriptor = Object.getOwnPropertyDescriptor(object, key); + let storedValue: T[K]; + + return Object.defineProperty(object, key, { + configurable: true, + enumerable: true, + get: function (this: T) { + // If there's an original getter, use it + if (originalDescriptor?.get) + storedValue = originalDescriptor.get.call(this); + const result = handlers.get + ? handlers.get(this, storedValue) + : storedValue; + return result; + }, + set: function (this: T, newValue: T[K]) { + // If the property is expected to be a function (like onmessage), + // we can wrap it in a proxy to intercept calls + if (typeof newValue === 'function') { + storedValue = new Proxy(newValue, { apply: handlers.call }) as T[K]; + } else { + storedValue = newValue; + } + // If there's an original setter, call it + originalDescriptor?.set?.call(this, storedValue); + handlers.set?.(this, storedValue); + }, + }); + } + + function interceptMethod, K extends keyof T>( + object: T, + method: K, + call: ( + target: T[K], + thisArg: T, + argArray: Parameters, + ) => ReturnType, + ) { + return Object.defineProperty(object, method, { + value: new Proxy(object[method], { apply: call }), + }); + } + + interceptMethod( + MediaKeys.prototype, + 'setServerCertificate', + (_target, _this, _args) => { + console.log(`[azot] Setting server certificate`, _this, _args); + return _target.apply(_this, _args); + }, + ); + + interceptMethod( + MediaKeySession.prototype, + 'generateRequest', + async (generateRequest, session, [initDataType, initData]) => { + await generateRequest.apply(session, [initDataType, initData]); + onGenerateRequest(initDataType, initData, session); + }, + ); + + interceptMethod( + MediaKeySession.prototype, + 'addEventListener', + (_target, _this, _args) => { + const [type, listener, useCapture] = _args; + const listenerWrapper: EventListenerOrEventListenerObject = async ( + event, + ) => { + const modifiedEvent = await onMessage(event); + const isFn = (fn: unknown) => typeof fn === 'function'; + const handler = isFn(listener) ? listener : listener.handleEvent; + return handler(modifiedEvent || event); + }; + return _target.apply(_this, [type, listenerWrapper, useCapture]); + }, + ); + + interceptProperty(MediaKeySession.prototype, 'onmessage', { + set: (target, value) => { + console.log('[azot] MediaKeySession.onmessage set:', value); + }, + get: (target, value) => { + console.log('[azot] MediaKeySession.onmessage get'); + return value; + }, + call: async (_target, _this, [event]) => { + const modifiedEvent = await onMessage(event); + return _target?.apply(_this, [modifiedEvent || event]); + }, + }); + + interceptMethod( + MediaKeySession.prototype, + 'update', + async (_target, _this, [response]) => { + const modifiedResponse = await onUpdate(response, _this); + return _target.apply(_this, [modifiedResponse || response]); + }, + ); + }; + + patchEncryptedMediaExtensions(); + + console.log('[azot] Injection finished'); +}); + +const patchFetch = () => { + if (typeof fetch === 'function') { + const originalFetch = fetch; + const cachedFetch = async function fetch( + resource: URL | RequestInfo, + options?: RequestInit, + ) { + const isPOST = options?.method === 'POST'; + if (!isPOST) return originalFetch(resource, options); + let url: string; + if (typeof resource === 'string' && !options) { + url = resource; + } else { + const request = new Request(resource, options); + url = request.url; + } + const response = await originalFetch(resource, options); + console.log(`[azot] Fetched ${response.url}`); + if (url.includes('license')) { + // const clone = response.clone(); + // const text = await clone.text(); + // console.log(text); + } + return response; + }; + Object.assign(cachedFetch, originalFetch); + try { + // eslint-disable-next-line no-global-assign + fetch = cachedFetch; + } catch (error1) { + try { + globalThis.fetch = cachedFetch; + } catch (error2) { + console.warn( + 'Azot was unable to patch the fetch() function in this environment. ', + ); + } + } + } +}; + +const cloneCurrentPageIntoFrame = () => { + const FRAME_ID = 'azot'; + console.log('[azot] Cloning page into iframe...'); + const added = document.body.querySelector(`#${FRAME_ID}`); + if (added) return; + // if (added) added.remove(); + const originalHtmlContent = document.documentElement.innerHTML; + const frame = document.createElement('iframe'); + if (frame.contentWindow) Object.assign(window, frame.contentWindow); + frame.setAttribute('id', FRAME_ID); + frame.setAttribute('style', 'display: none;'); + document.body.appendChild(frame); + let frameDocument = ('document' in frame + ? frame.document + : frame) as unknown as Document; + if (frame.contentDocument) frameDocument = frame.contentDocument; + else if (frame.contentWindow) frameDocument = frame.contentWindow.document; + frameDocument.open(); + frameDocument.writeln(originalHtmlContent); + frameDocument.close(); + return frame; +}; diff --git a/extension/entrypoints/popup/app.tsx b/extension/entrypoints/popup/app.tsx new file mode 100644 index 0000000..a49cf86 --- /dev/null +++ b/extension/entrypoints/popup/app.tsx @@ -0,0 +1,75 @@ +import { TbTrash } from 'solid-icons/tb'; +import { appStorage } from '@/utils/storage'; +import { Cell } from './cell'; +import { Switch } from './components/switch'; +import { CellImportClient } from './cell-import-client'; +import { useEnabled } from './state'; + +export const App = () => { + const [enabled, setEnabled] = useEnabled(); + const [keys, setKeys] = createSignal<[id: string, value: string][]>([]); + + onMount(async () => { + const enabled = await appStorage.enabled.getValue(); + setEnabled(!!enabled); + const keys = await appStorage.keys.getValue(); + if (keys) setKeys(keys); + }); + + const copyKey = ([id, value]: [id: string, value: string]) => { + navigator.clipboard.writeText(`${id}:${value}`); + }; + + const clearKeys = () => { + appStorage.keys.setValue([]); + setKeys([]); + }; + + return ( +
+ + + { + setEnabled(e.target.checked); + appStorage.enabled.setValue(e.target.checked); + }} + /> + } + > + Enabled + + + } variant="danger" onClick={clearKeys}> + Clear keys + + + {keys().length > 0 && ( +
    + {keys().map(([id, value]) => ( + copyKey([id, value])}> + {id} + {value} + + ))} +
+ )} + +
+ {keys().length === 0 && ( + <> +

Keys will apear here

+

+ Go to streaming service and play media to get keys +

+ + )} +
+
+ ); +}; diff --git a/extension/entrypoints/popup/cell-import-client.tsx b/extension/entrypoints/popup/cell-import-client.tsx new file mode 100644 index 0000000..b3ae85d --- /dev/null +++ b/extension/entrypoints/popup/cell-import-client.tsx @@ -0,0 +1,85 @@ +import { Component } from 'solid-js'; +import { TbShieldCheck, TbShieldDown } from 'solid-icons/tb'; +import { Client } from '@azot/lib'; +import { appStorage } from '@/utils/storage'; +import { Cell } from './cell'; + +export const CellImportClient: Component<{ + onChange?: (client: Client) => void; +}> = (props) => { + const [client, setClient] = createSignal(null); + + const createClient = async ( + id?: Uint8Array | null, + key?: Uint8Array | null, + wvd?: Uint8Array | null, + ) => { + if (id && key) { + const client = new Client(id); + await client.importKey(key); + return client; + } else if (wvd) { + return Client.fromWvd(wvd); + } + }; + + const applyClient = (client?: Client) => { + if (!client) return; + setClient(client); + props.onChange?.(client); + }; + + const initializeClient = async () => { + const wvd = await appStorage.client.wvd.getValue(); + const id = await appStorage.client.id.getValue(); + const key = await appStorage.client.key.getValue(); + createClient(id, key, wvd).then(applyClient); + }; + + createEffect(() => { + initializeClient(); + }); + + const handleFileChange = async (event: Event) => { + const files = Array.from((event.target as HTMLInputElement).files || []); + + const wvd = await files + .find((file) => file.name.includes('wvd')) + ?.arrayBuffer() + .then((buffer) => new Uint8Array(buffer)); + const id = await files + .find((file) => file.name.includes('client')) + ?.arrayBuffer() + .then((buffer) => new Uint8Array(buffer)); + const key = await files + .find((file) => file.name.includes('key')) + ?.arrayBuffer() + .then((buffer) => new Uint8Array(buffer)); + + if (id) appStorage.client.id.setValue(id); + if (key) appStorage.client.key.setValue(key); + if (wvd) appStorage.client.wvd.setValue(wvd); + + createClient(id, key, wvd).then(applyClient); + }; + + return ( + : } + variant="primary" + component="label" + > + {client() ? client()?.toString() : 'Import Widevine client'} + + + ); +}; diff --git a/extension/entrypoints/popup/cell.tsx b/extension/entrypoints/popup/cell.tsx new file mode 100644 index 0000000..bf0e042 --- /dev/null +++ b/extension/entrypoints/popup/cell.tsx @@ -0,0 +1,49 @@ +import { Component, JSX } from 'solid-js'; +import { cn } from './cn'; + +interface CellProps { + title?: string; + subtitle?: string; + children: JSX.Element; + variant?: 'default' | 'primary' | 'danger'; + before?: JSX.Element; + after?: JSX.Element; + component?: 'div' | 'button' | 'label'; + onClick?: () => void; +} + +export const Cell: Component = (props) => { + const cellProps = mergeProps({ Component: 'div' }, props); + + const component = (props: any) => { + switch (cellProps.component) { + case 'button': + return