2025-10-23 –, Europe
This presentation will provide an in-depth look at a legacy version of Widevine L3, Google's software-based Digital Rights Management (DRM) system. Despite its widespread use in streaming services, often for low-definition content where its software-only nature is deemed sufficient protection, Widevine L3 has faced numerous public compromises. We will demonstrate how partial emulation can be practically applied to perform Differential Fault Analysis (DFA), breaking the system's root of trust. The talk will conclude with a detailed walkthrough of deobfuscating the Widevine L3 codebase to enable the generation of custom keyboxes.
I always wondered how exactly pirates are able to get their hands on the latest shows from major streaming providers. This curiosity led me on a deep dive into the complex world of Digital Rights Management (DRM).
For this presentation, I will focus on Widevine, Google's widely deployed DRM system, specifically its software-only version, Widevine Level 3 (L3), which is more accessible for analysis and has a history of public compromises. From a tweet by security researcher David Buchanan in 2019, I learned that Widevine L3's white-box AES implementation was susceptible to Differential Fault Analysis (DFA). This presented a unique opportunity to not only explore a real-world DRM system but also to gain practical experience in applying this powerful cryptographic attack. And while we are at it, perhaps we can gain some insights by reversing their legacy version that remain applicable to current implementations.
Felipe Custodio Romero (@_localo_) is a vulnerability researcher at Neodyme, obsessed with finding weaknesses in all sorts of systems. Whether he's exploiting game clients like Counter-Strike, compromising IoT devices (such as printers and routers at Pwn2Own), or digging into low-level bootroms, Felipe's interests are broad and deep. Beyond his research, he's dedicated to forming the next generation of security professionals by organising CTFs like the CSCG, providing a platform for newcomers to explore IT security and allowing existing talents to sharpen their abilities. Much of his practical experience was gained by participating in numerous CTFs with teams ALLES! and FluxFingers.