Announcement

Collapse
No announcement yet.

So where did the competition go ??

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    #76
    Originally posted by MrGrackle View Post

    Long time Easynews member right here! Still $60 a year. The issues I often see though on newsfeeds are recodes and such.​
    When you have been doing this as long as i have, you know who recodes and who doesn't. Sonarr (and all other *arr) are beautifully coded pieces of software with a ton of useful features.

    One of them are release profiles. In there, i tell it to never download stuff that was dubbed or even anything released by TBS. For H265/X265 specifically, i say never download MeGusta releases because if you know about them, you know they convert stuff from H264 to H265.

    Click image for larger version

Name:	image.png
Views:	1523
Size:	71.5 KB
ID:	444155

    Honestly if people knew how easy it is to get all your shows and movies from newsgroups, rename them, move them to a different folder/drive and adding them to their Plex or Kodi libraries, all without lifting a finger after the initial configuration, they'd forget about StreamFab or AnyStream.

    I use StreamFab to guarantee i get a pristine H265, non-exorbitant bitrate, properly subtitled TV Episode. If my wife didn't get me addicted to having subtitles on even for languages i understand and me wanting to hoard everything i download, i wouldn't use StreamFab.

    Comment


      #77
      Originally posted by KidJoe View Post
      I appreciate what you are posting. It's the first time I've ever had a picture of "under the covers" of how they get around the DRM.

      While some of it is going over my head, and I still don't think I understand for sure what process Fox used (and how it differed, not that it really matters), What I can take away is that it is re-enforcing my prior thinking that the process FAB is using to crack and bypass DRM is difficult, and is only getting harder to crack. So going forward, its likely we'll see similar delays as CDMs get revoked.​

      I think most of us were mad at the Poor communication and lack thereof, and the perception of lack of progress and effort around the DRM. Especially when AS had been fixed so quickly.

      While we can understand that cracking DRM is hard and complex, and only going to get more difficult, keep in mind that I, and probably most of the StreamFab users, may have thought that Fab and Fox used different methods to get around DRM, but we didn't/don't know for sure, and we don't know why each is doing something different if they are. Like are there advantages/disadvantages that made FAB use process X and Fox use process Y?

      We only see/saw the "50,000 feet view", which makes it difficult to reconcile why Fox fixed AS so quick (except NF) and Fab was still working on SF for so long.

      Not only that, but every day that went by with no forum posts from Wilson or staff, no updates, etc., every time the info the volunteer mods had posted info turned out to be wrong (due to them being given wrong info), adding re-encoding without any clarification or plan conveyed, adding new porn downloaders, Chinese holidays with no updates, small lingering bugs not being fixed, etc. made it difficult to see the forest for the trees and I at least (although I could read it in other's posts) began getting anxious, losing hope, getting worried, assuming the worst, getting angry.

      I realize its hard to communicate "still working on it" without being able to provide a fixed version. But a road map, why Porn modules being added didn't impact DRM work, etc. could have alleviated the concerns and fears.
      I will try my best to explain the differences.

      There are three major DRM protection schemes in the world. (There are many, but only these three are considered Hollywood-grade encryption methods.)
      1. Widevine - The DRM system created by Google. This is present in almost all types of devices.
      2. PlayReady - The DRM system created by Microsoft. This is present only in some devices, such as PCs/Laptops (Edge browser), some Android phones and Android TVs, and devices like Xbox and PlayStation. Some of these devices have both Widevine and PlayReady integrated, but some devices like PlayStation have only PlayReady as a DRM system.
      3. FairPlay - The DRM system created by Apple. This can only be found in Apple devices. Apple devices usually do not have support for Widevine or PlayReady.

      As you can see, some devices support multiple DRM systems, but others support only one. Therefore, streaming sites typically add support for all three DRM systems so their videos can be played on a wider range of devices.

      Let's talk about Widevine first.

      Widevine has three security levels: L1, L2, and L3. The L2 level is almost non-existent. On Android devices (mobiles, TVs, etc.), we typically find L1 and L3 levels. The security level depends on the device: if a device lacks a trust zone, it will not support L1. On PC browsers, the ChromeCDM is used, which technically falls under L3. In browsers, the ChromeCDM functions solely through a DLL and does not rely on any hardware components for security. For reference, in Widevine, a CDM refers to the Content Decryption Module of the device, which includes the Widevine RSA private key and the client ID of the device. Widevine has been privately cracked from 2016 or earlier.

      First, let's talk about L3. This is the lowest protection level of Widevine. The method for extracting a normal Android L3 CDM is well-known and public to the point where many people on the internet know how to do it. Typically, with an Android L3, you can obtain keys from most services. However, many services now restrict the maximum quality allowed for Android L3 to SD (standard definition) because of this widespread knowledge.

      Next, let's discuss L1. This is the highest protection level of Widevine. Normally, L1 CDMs are extracted through hardware exploits on mobile devices or smart TVs. L1 has no restrictions, and services allow up to 4K quality on them. The challenge is that they are quite difficult to extract, and even if you obtain one, Google will quickly blacklist and revoke it if you make incorrect license requests. Nowadays, a single incorrect license request to services like Apple TV or Netflix can result in immediate revocation of the L1. There is no public method available for extracting L1 CDMs. The general method involves finding a vulnerable device with TEE (Trusted Execution Environment) exploits and using that vulnerability to extract the device's keybox through the TEE. After that, you can provision the keybox to get an L1 CDM. Although this method is not public, some people have obtained L1 CDMs, often through sellers who get leaked L1s from scene/p2p groups. However, the number of people who know how to extract L1s themselves has increased compared to a few years ago.

      Now, the ChromeCDM, which StreamFab uses, is somewhat in the middle of these levels. Some services allow HD/FHD and even UHD qualities to it, even though it is technically an L3. This varies by service. For example, services like Netflix, Amazon, and Canal+ allow 720p/1080p qualities (with all the profiles) for the ChromeCDM, unlike Android L3s, which are limited to SD on those services. Typically, the ChromeCDM supports up to 1080p on most sites and even 4K on sites without strict restrictions. However, some sites limit ChromeCDM to 480p or 720p, similar to Android L3s. For example, on Disney+ and HBO Max (Max), all L3s, including ChromeCDM, are limited to 720p, and on Apple TV, all L3s, including ChromeCDM, are limited to 540p. Note that individual services cannot blacklist or revoke the ChromeCDM, regardless of how many incorrect requests you make, unlike Android L1s. This is because the ChromeCDM is the same for every browser, with the same private key, and will not be revoked until Google issues a new stable version and gradually revokes the old version. Extracting the private key of the ChromeCDM is significantly more difficult than extracting L1s, according to my honest opinion. I have explained the process behind what StreamFab does for cracking the ChromeCDM here.


      Now let's talk about PlayReady.

      PlayReady mainly has two security levels: SL2000 and SL3000. SL2000 is equivalent to Widevine L3 security level, and SL3000 is equivalent to Widevine L1 security level (based on depending on a TEE for content key decryption). On PCs and laptops, PlayReady can only be found in Edge browsers (Edge browsers also support Widevine). Keep in mind that Edge browsers on some Windows versions, such as Windows Server, do not support PlayReady. Depending on whether a PC supports TPM, the Edge browser can contain both SL2000 and SL3000 security levels. For reference, in PlayReady, a "cert" refers to the PlayReady certificate of a device. To the best of my knowledge, PlayReady has been privately cracked since 2021/2022. However, as I mentioned earlier, PlayReady API sellers have only recently emerged. Sellers sell API access to both SL2000 and SL3000 levels. Also, services do not blacklist PlayReady certs very often, and Microsoft does not revoke them frequently, unlike Widevine L1, which can get instantly blacklisted or revoked.

      I am not going to talk about PlayReady in-depth here for various reasons. Think of it as being more or less the same as Widevine in terms of its protection levels and restrictions. The method for extracting PlayReady certs is not public yet, and the only way someone can access PlayReady is through API sellers.

      There isn't much to say about FairPlay. Forget about it. Don't get me wrong, though. It has also been cracked, but only a very, very small number of people—countable on one hand—have access to it. Additionally, we can't use FairPlay with all services even if we crack it, unlike how we can use a Widevine CDM or a PlayReady cert with all services.
      ​​
      So let's go to your question now.

      After the revocation, since AnyStream does not have a way of cracking the ChromeCDM, they had two other options: Widevine L1 or PlayReady. If you read the above descriptions of Widevine and PlayReady, you can understand that AnyStream's next best option is to move on to PlayReady because a) Widevine L1 can get revoked/blacklisted very often, making it really hard to find a new L1 CDM each time, and b) there were many PlayReady sellers emerging at the same time with not-so-unreasonable prices. Also, since license requests of AnyStream supported services already happened server-side in AnyStream, unlike in StreamFab where they occur client-side, it was easy for them to implement PlayReady. I explained the reason here about why they couldn't add support for Netflix with PlayReady. Adding support for Amazon is really easy with PlayReady as all you have to do is swapping some header and payload parameters of the license request and sending the PlayReady challenge which was obtained through the API.

      As for StreamFab, adding support for PlayReady will be a little complex, especially because of the DRM MPD module. The way StreamFab works generally is, when we go to the DRM video in StreamFab's browser, it captures the license request and re-does it directly through the browser and captures the license response of it. Then it simply decrypts the license request and response values directly through their API which I have described in a previous post. Also with PlayReady since we can not add support for Netfix without a special required code, it is best for StreamFab for sticking with what they know - cracking the ChromeCDM.

      AnyStream never developed their own backend solution for cracking DRM. They didn't reverse-engineer something new. They always relied on previously reverse-engineered solutions and third parties in all their AnyStream software versions. On the other hand, StreamFab initiated this entire process with a DRM solution they reverse-engineered on their own. So, for them, the best approach would be to stick to what they know and try to reverse the new ChromeCDM version, just like they already did. Even though it takes time, they have the ability to crack it. So, rather than reverse-engineering a completely new solution, they stuck to their own method.

      Comment


        #78
        Originally posted by MrGrackle View Post

        I reserved my criticism of the problem when it crept, I have a basic understanding of the complexity of the whole situation. Someday (maybe it's already been done) someone will get an epiphany and open it wide open with a bulletproof method, regardless of cdm updates. Without showing my age, I remember the first DVD rippers like it was yesterday, and the method to extract the key was genius. 4K discs? Yup, a 'different' approach is what prevailed, not the actual brute force decipher.
        At some point every company could use the system Vudu uses, seeing as no commercial solutions have figured that one out.



        Long time Easynews member right here! Still $60 a year. The issues I often see though on newsfeeds are recodes and such.​
        VUDU just uses websocket requests instead of normal POST requests for some requests including licensing process. StreamFab can add support for it if they really wanted it. It is completely do-able. Although the quality will be limited to 720p with even the ChromeCDM.

        Comment


          #79
          Originally posted by VeiledCipher View Post

          I will try my best to explain the differences.

          There are three major DRM protection schemes in the world. (There are many, but only these three are considered Hollywood-grade encryption methods.)
          1. Widevine - The DRM system created by Google. This is present in almost all types of devices.
          2. PlayReady - The DRM system created by Microsoft. This is present only in some devices, such as PCs/Laptops (Edge browser), some Android phones and Android TVs, and devices like Xbox and PlayStation. Some of these devices have both Widevine and PlayReady integrated, but some devices like PlayStation have only PlayReady as a DRM system.
          3. FairPlay - The DRM system created by Apple. This can only be found in Apple devices. Apple devices usually do not have support for Widevine or PlayReady.

          As you can see, some devices support multiple DRM systems, but others support only one. Therefore, streaming sites typically add support for all three DRM systems so their videos can be played on a wider range of devices.

          Let's talk about Widevine first.

          Widevine has three security levels: L1, L2, and L3. The L2 level is almost non-existent. On Android devices (mobiles, TVs, etc.), we typically find L1 and L3 levels. The security level depends on the device: if a device lacks a trust zone, it will not support L1. On PC browsers, the ChromeCDM is used, which technically falls under L3. In browsers, the ChromeCDM functions solely through a DLL and does not rely on any hardware components for security. For reference, in Widevine, a CDM refers to the Content Decryption Module of the device, which includes the Widevine RSA private key and the client ID of the device. Widevine has been privately cracked from 2016 or earlier.

          First, let's talk about L3. This is the lowest protection level of Widevine. The method for extracting a normal Android L3 CDM is well-known and public to the point where many people on the internet know how to do it. Typically, with an Android L3, you can obtain keys from most services. However, many services now restrict the maximum quality allowed for Android L3 to SD (standard definition) because of this widespread knowledge.

          Next, let's discuss L1. This is the highest protection level of Widevine. Normally, L1 CDMs are extracted through hardware exploits on mobile devices or smart TVs. L1 has no restrictions, and services allow up to 4K quality on them. The challenge is that they are quite difficult to extract, and even if you obtain one, Google will quickly blacklist and revoke it if you make incorrect license requests. Nowadays, a single incorrect license request to services like Apple TV or Netflix can result in immediate revocation of the L1. There is no public method available for extracting L1 CDMs. The general method involves finding a vulnerable device with TEE (Trusted Execution Environment) exploits and using that vulnerability to extract the device's keybox through the TEE. After that, you can provision the keybox to get an L1 CDM. Although this method is not public, some people have obtained L1 CDMs, often through sellers who get leaked L1s from scene/p2p groups. However, the number of people who know how to extract L1s themselves has increased compared to a few years ago.

          Now, the ChromeCDM, which StreamFab uses, is somewhat in the middle of these levels. Some services allow HD/FHD and even UHD qualities to it, even though it is technically an L3. This varies by service. For example, services like Netflix, Amazon, and Canal+ allow 720p/1080p qualities (with all the profiles) for the ChromeCDM, unlike Android L3s, which are limited to SD on those services. Typically, the ChromeCDM supports up to 1080p on most sites and even 4K on sites without strict restrictions. However, some sites limit ChromeCDM to 480p or 720p, similar to Android L3s. For example, on Disney+ and HBO Max (Max), all L3s, including ChromeCDM, are limited to 720p, and on Apple TV, all L3s, including ChromeCDM, are limited to 540p. Note that individual services cannot blacklist or revoke the ChromeCDM, regardless of how many incorrect requests you make, unlike Android L1s. This is because the ChromeCDM is the same for every browser, with the same private key, and will not be revoked until Google issues a new stable version and gradually revokes the old version. Extracting the private key of the ChromeCDM is significantly more difficult than extracting L1s, according to my honest opinion. I have explained the process behind what StreamFab does for cracking the ChromeCDM here.


          Now let's talk about PlayReady.

          PlayReady mainly has two security levels: SL2000 and SL3000. SL2000 is equivalent to Widevine L3 security level, and SL3000 is equivalent to Widevine L1 security level (based on depending on a TEE for content key decryption). On PCs and laptops, PlayReady can only be found in Edge browsers (Edge browsers also support Widevine). Keep in mind that Edge browsers on some Windows versions, such as Windows Server, do not support PlayReady. Depending on whether a PC supports TPM, the Edge browser can contain both SL2000 and SL3000 security levels. For reference, in PlayReady, a "cert" refers to the PlayReady certificate of a device. To the best of my knowledge, PlayReady has been privately cracked since 2021/2022. However, as I mentioned earlier, PlayReady API sellers have only recently emerged. Sellers sell API access to both SL2000 and SL3000 levels. Also, services do not blacklist PlayReady certs very often, and Microsoft does not revoke them frequently, unlike Widevine L1, which can get instantly blacklisted or revoked.

          I am not going to talk about PlayReady in-depth here for various reasons. Think of it as being more or less the same as Widevine in terms of its protection levels and restrictions. The method for extracting PlayReady certs is not public yet, and the only way someone can access PlayReady is through API sellers.

          There isn't much to say about FairPlay. Forget about it. Don't get me wrong, though. It has also been cracked, but only a very, very small number of people—countable on one hand—have access to it. Additionally, we can't use FairPlay with all services even if we crack it, unlike how we can use a Widevine CDM or a PlayReady cert with all services.
          ​​
          So let's go to your question now.

          After the revocation, since AnyStream does not have a way of cracking the ChromeCDM, they had two other options: Widevine L1 or PlayReady. If you read the above descriptions of Widevine and PlayReady, you can understand that AnyStream's next best option is to move on to PlayReady because a) Widevine L1 can get revoked/blacklisted very often, making it really hard to find a new L1 CDM each time, and b) there were many PlayReady sellers emerging at the same time with not-so-unreasonable prices. Also, since license requests of AnyStream supported services already happened server-side in AnyStream, unlike in StreamFab where they occur client-side, it was easy for them to implement PlayReady. I explained the reason here about why they couldn't add support for Netflix with PlayReady. Adding support for Amazon is really easy with PlayReady as all you have to do is swapping some header and payload parameters of the license request and sending the PlayReady challenge which was obtained through the API.

          As for StreamFab, adding support for PlayReady will be a little complex, especially because of the DRM MPD module. The way StreamFab works generally is, when we go to the DRM video in StreamFab's browser, it captures the license request and re-does it directly through the browser and captures the license response of it. Then it simply decrypts the license request and response values directly through their API which I have described in a previous post. Also with PlayReady since we can not add support for Netfix without a special required code, it is best for StreamFab for sticking with what they know - cracking the ChromeCDM.

          AnyStream never developed their own backend solution for cracking DRM. They didn't reverse-engineer something new. They always relied on previously reverse-engineered solutions and third parties in all their AnyStream software versions. On the other hand, StreamFab initiated this entire process with a DRM solution they reverse-engineered on their own. So, for them, the best approach would be to stick to what they know and try to reverse the new ChromeCDM version, just like they already did. Even though it takes time, they have the ability to crack it. So, rather than reverse-engineering a completely new solution, they stuck to their own method.

          Is it dangerous to be posting how they are doing this. Wouldnt it bring attention and possible a patch in the future to prevent them from doing this or no?

          Comment


            #80
            Posted by VeiledCipher
            Many people might be mad with the amount of time StreamFab takes each time. However, they need to understand that being able to do this is a sort of miracle, and people should appreciate StreamFab a little more. (At least the person behind reversing these.) He has my absolute respect!
            Now you sound like another Fab advertisement. You seem to have a lot of inside information about all the competitors. Is this what you think or what you know?
            Programmer in Python, Java, JavaScript, Swift, PHP, SQL, C#, C++, Go, R

            Comment


              #81
              Originally posted by VeiledCipher View Post

              AnyStream never developed their own backend solution for cracking DRM. They didn't reverse-engineer something new. They always relied on previously reverse-engineered solutions and third parties in all their AnyStream software versions. On the other hand, StreamFab initiated this entire process with a DRM solution they reverse-engineered on their own. So, for them, the best approach would be to stick to what they know and try to reverse the new ChromeCDM version, just like they already did. Even though it takes time, they have the ability to crack it. So, rather than reverse-engineering a completely new solution, they stuck to their own method.

              In that case, I don't get why a certain mod on Anystream forum was always so smug towards Streamfab...

              Comment


                #82
                Originally posted by theresay View Post

                In that case, I don't get why a certain mod on Anystream forum was always so smug towards Streamfab...
                Looks like the other program is gone for good. I hope we can concentrate on making this program better and better.
                Programmer in Python, Java, JavaScript, Swift, PHP, SQL, C#, C++, Go, R

                Comment


                  #83
                  Originally posted by jpp72 View Post

                  When you have been doing this as long as i have, you know who recodes and who doesn't. Sonarr (and all other *arr) are beautifully coded pieces of software with a ton of useful features.

                  One of them are release profiles. In there, i tell it to never download stuff that was dubbed or even anything released by TBS. For H265/X265 specifically, i say never download MeGusta releases because if you know about them, you know they convert stuff from H264 to H265.

                  Honestly if people knew how easy it is to get all your shows and movies from newsgroups, rename them, move them to a different folder/drive and adding them to their Plex or Kodi libraries, all without lifting a finger after the initial configuration, they'd forget about StreamFab or AnyStream.

                  I use StreamFab to guarantee i get a pristine H265, non-exorbitant bitrate, properly subtitled TV Episode. If my wife didn't get me addicted to having subtitles on even for languages i understand and me wanting to hoard everything i download, i wouldn't use StreamFab.
                  Because Peacock isn't working right on SF and I am missing just a few episodes to finish a season, I took a chance on a poster named (CPP-Gebruiker) --- from the NL domain. Usually have good luck with the .NL posts. Not only did I just fill the gaps, but they sourced it from Prime when it was available there before, so instead of 192 audio, I got 640. Now the conundrum of doubling back (??)
                  I did see some MeGusta stuff, but the file sizes were suspicious (all the same!). I suspect they set a total file size profile and go with it.

                  Comment


                    #84
                    Originally posted by MrGrackle View Post

                    Because Peacock isn't working right on SF and I am missing just a few episodes to finish a season, I took a chance on a poster named (CPP-Gebruiker) --- from the NL domain. Usually have good luck with the .NL posts. Not only did I just fill the gaps, but they sourced it from Prime when it was available there before, so instead of 192 audio, I got 640. Now the conundrum of doubling back (??)
                    I did see some MeGusta stuff, but the file sizes were suspicious (all the same!). I suspect they set a total file size profile and go with it.
                    For Peacock, you can't go wrong with NTb releases for H264/x264 and Yello for H265/x265

                    Click image for larger version

Name:	image.png
Views:	1413
Size:	383.8 KB
ID:	444184

                    Comment


                      #85
                      jpp72, I tried to message you but you don't take messages. I'd like to know more about NZbget. Thx.

                      Comment


                        #86
                        Originally posted by mustangdmg View Post
                        jpp72, I tried to message you but you don't take messages. I'd like to know more about NZbget. Thx.
                        NZBGet is a popular Usenet downloader written in C++ that efficiently downloads binary content from Usenet newsgroups. It works by processing NZB files, which contain information about the articles to download, and then retrieving and assembling them from Usenet servers. NZBGet is known for its performance and efficiency and can run on almost any device, including PCs, NAS, media players, SAT receivers, and WLAN routers. It's also designed to achieve maximum download speed while using very little system resources.
                        Programmer in Python, Java, JavaScript, Swift, PHP, SQL, C#, C++, Go, R

                        Comment


                          #87
                          Originally posted by mustangdmg View Post
                          jpp72, I tried to message you but you don't take messages. I'd like to know more about NZbget. Thx.
                          same, im assuming you have to be a member of something somewhere correct?

                          Comment


                            #88
                            You need to follow me to message me. I need to approve the follow. When i was a mod, people were messaging me directly so i had to put a stop to that

                            Comment


                              #89
                              I have been using binary newsgroups since 2001, text ones before that. Currently use Eweka combined with Easynews. The best NZB sites all got taken down years ago, so I just ended up using Newsleecher for search and downloads, especially good when they started to de-obfuscate titles. Sadly they went poor, so just use NZBPlanet, Drunkenslug, & Easynews search now.

                              Debrid downloading is good too, such as Realdebrid.

                              Do I presume NZBGet (I use SabNZBd) is purely for loading up NZB's and it doesn't have its own built in search ?
                              Last edited by Zammo; 06-11-2024, 10:10 PM.

                              Comment


                                #90
                                Originally posted by Zammo View Post
                                Do I presume NZBGet (I use SabNZBd) is purely for loading up NZB's and it doesn't have its own built in search ?
                                Correct. I was using SABnzbd with SickBeard and CouchPotato before i discovered NZBget. Before all the automation introduced by SickBeard and CouchPotato, i was using Forté Agent Newsreader

                                There are plenty of good NZB Indexers still around but nothing beats the old NZBs(dot)ORG

                                Click image for larger version  Name:	image.png Views:	0 Size:	279.7 KB ID:	444234

                                Comment

                                Working...
                                X