Widevine DRM - Body request payload

Question

I'm working on the integration of a player which have to play streams secured with Widevine DRM in a browser.

I've checked some well-known players :

DashJs - https://github.com/Dash-Industry-Forum/dash.js/wiki
ShakaPlayer - https://github.com/google/shaka-player

Fortunately, these players provide some samples of stream secured using Widevine DRM.

My question concerns the XHR executes to retrieve DRM Key. In any Widevine secured stream, I can see (in devtools) at least 2 XHR targeting the license server.

Let's take an example: https://media.axprod.net/TestVectors/v7-MultiDRM-SingleKey/Manifest_1080p.mpd

This stream is available in :

DashJs (https://reference.dashif.org/dash.js/nightly/samples/dash-if-reference-player/index.html) : "Axinom Test Content (modern) > 1080p with PlayReady and Widevine DRM, single key"
ShakaPlayer (https://shaka-player-demo.appspot.com/demo/) : "Axinom > Multi-DRM"

On Chrome (65.0.3325.181) when I load the stream I can 2 XHR (let's omit the pre-flight "OPTIONS" xhr) :

POST https://drm-widevine-licensing.axtest.net/AcquireLicense
- Request X-AxDRM-Message header specific to Axinom
- Request Content-Length: 2
- A Request Payload equals to \x08\x04 (Right click on XHR, then "Copy as cURL" and paste it in any text editor)
- Response Content-Length: 706
POST https://drm-widevine-licensing.axtest.net/AcquireLicense
- Request X-AxDRM-Message header specific to Axinom
- Request Content-Length: 3929
- A Request Payload with a certain amount of data
- Response Content-Length: 426

I don't get why there is 2 XHR? Moreover, the first XHR with the two characters \x08\x04 is always sent no matter the stream selected (in case of Widevine DRM stream), is there a specific meaning?

score 3 · Accepted Answer · answered Aug 15 '18 at 06:58

3

The first request is for the Widevine service certificate

The second request is the actual License request

You can read more about this on https://www.widevine.com/product_news.html

See the section Update - Chrome 59 and Service Certificates

answered Aug 15 '18 at 06:58

digitalPBK

2,859
25
26

Thanks @digitalPBK, indeed I finally found this documentation : https://storage.googleapis.com/wvdocs/Widevine_DRM_Proxy_Integration.pdf In the part "Using Service Certificates" they talk about : "It is highly recommended that the service certificate workflow is supported in all proxy implementations. The sample proxy scripts provide code examples on how to support this request.". And this is the first request : Certificate retrieval. – hixe Dec 10 '18 at 10:00
Here's the archive link, since he original is now dead http://web.archive.org/web/20180214001759/https://www.widevine.com/product_news.html – Olumide Sep 06 '20 at 00:57
awesome, I noticed the same but didn't know what they are, thankyou @digitalPBK though, do you know how to decode the content of the response? or are they intentially encrypted as is and not human-readable? Im trying to have our own license server, maybe you can advice – irzhy Dec 04 '22 at 22:32

score 0 · Answer 2 · answered Mar 29 '18 at 23:36

0

There is indeed a specific meaning to the first request. But the exact meaning is not public knowledge. It will require you to get in touch with Widevine and get CWIP certification.

answered Mar 29 '18 at 23:36

colde

3,192
1
15
26

1

This could explain why I cannot find any information about these requests :( Thanks for the tips – hixe Apr 04 '18 at 08:52

Widevine DRM - Body request payload

2 Answers2