@li0ard/widevine 0.1.0 → 0.1.2

package/README.md

@@ -39,13 +39,13 @@ const sessionId = cdm.open();
 
 const pssh = PSSH.decode(Buffer.from("....", "base64"));
 
-const challenge = cdm.get_license_challenge(sessionId, pssh);
+const challenge = cdm.getLicenseChallenge(sessionId, pssh);
 const license = await (await fetch(`https://cwip-shaka-proxy.appspot.com/no_auth`, {
     method: "POST",
     body: challenge
 })).arrayBuffer();
 
-for(const key of cdm.parse_license(sessionId, new Uint8Array(license)))
+for(const key of cdm.parseLicense(sessionId, new Uint8Array(license)))
     console.log(`- [${KeyType[key.type]}] ${bytesToHex(key.kid)}:${bytesToHex(key.key)}`);
 
 cdm.close(sessionId);

package/dist/const.d.ts

@@ -1,6 +1,4 @@
 import { pywidevine_license_protocol } from "./protos/license_protocol.js";
-/** Widevine System ID */
-export declare const WIDEVINE_SID: Readonly<Uint8Array>;
 /** Device type */
 export declare enum DeviceType {
     CHROME = 1,
@@ -8,3 +6,8 @@ export declare enum DeviceType {
 }
 /** Key type */
 export declare const KeyType: typeof pywidevine_license_protocol.License.KeyContainer.KeyType;
+/** License type */
+export declare const LicenseType: typeof pywidevine_license_protocol.LicenseType;
+export declare const ROOT_CERT: pywidevine_license_protocol.DrmCertificate;
+/** Challenge to get service certificate */
+export declare const SERVICE_CERTIFICATE_CHALLENGE: Readonly<Uint8Array>;

package/dist/const.js

@@ -1,6 +1,6 @@
+import { hexToBytes } from "@noble/ciphers/utils.js";
 import { pywidevine_license_protocol } from "./protos/license_protocol.js";
-/** Widevine System ID */
-export const WIDEVINE_SID = new Uint8Array([0xed, 0xef, 0x8b, 0xa9, 0x79, 0xd6, 0x4a, 0xce, 0xa3, 0xc8, 0x27, 0xdc, 0xd5, 0x1d, 0x21, 0xed]);
+import { parseCerificate } from "./utils.js";
 /** Device type */
 export var DeviceType;
 (function (DeviceType) {
@@ -9,3 +9,8 @@ export var DeviceType;
 })(DeviceType || (DeviceType = {}));
 /** Key type */
 export const KeyType = pywidevine_license_protocol.License.KeyContainer.KeyType;
+/** License type */
+export const LicenseType = pywidevine_license_protocol.LicenseType;
+export const ROOT_CERT = parseCerificate(hexToBytes("0a9c03080012010018dd94888b05228e033082018a0282018100b4fe39c3659003db3c119709e868cdf2c35e9bf2e74d23b110db8765dfdcfb9f35a05703534cf66d357da678dbb336d23f9c40a99526727fb8be66dfc52198781516685d2f460e43cb8a8439abfbb0358022be34238bab535b72ec4bb54869533e475ffd09fda776138f0f92d64cdfae76a9bad92210a99d7145d6d7e11925859c539a97eb84d7cca8888220702620fd7e405027e225936fbc3e72a0fac1bd29b44d825cc1b4cb9c727eb0e98a173e1963fcfd82482bb7b233b97dec4bba891f27b89b884884aa18920e65f5c86c11ff6b36e47434ca8c33b1f9b88eb4e612e0029879525e4533ff11dcebc353ba7c601a113d00fbd2b7aa30fa4f5e48775b17dc75ef6fd2196ddcbe7fb0788fdc82604cbfe429065e698c3913ad1425ed19b2f29f01820d564488c835ec1f11b324e0590d37e4473cea4b7f97311c817c948a4c7d681584ffa508fd18e7e72be447271211b823ec58933cac12d2886d413dc5fe1cdcb9f8d4513e07e5036fa712e812f7b5cea696553f78b4648250d2335f91020301000112800358f1d64d04097bdfd7ef5d3b023917fa1436754a3867855712a714ee3516d53dbf4286f6690076cd93f47cb2df9e44cd4cd4ae0918534432ece0611be5da13d355c5dd1acb901e7e5bc6e90f229fbe8502fe9031cc6b0384bd22c455faf5f208cd654158e87d29da045882f53769bcf35a5784177b328770b2b0769cb2c315d111262a2375993eb97722320dbc1a19c1d565907655740f0e694d5f4d8f19afdfd6163194a8925f4fbc7a31f8ae8ead33b7e930d08c0a8a6c8335f88a81b2fe1c88ac2a66c5ffbde617d0620bdc8a45f7b03e5ac81e4a242f6ca5e31c881483d5c5ef5e9f3d854573e26b5052574cfb926c66758ad60d1baef3ecaf5122035d0a2e63939c0b0120a8a9842e17caae73ec221b79aef6a0722cdf0747db888630147821112288acd75474f9f326c2a556c8564f00291d087b7afb9589c3ee98549e3c6b94051312f671b9ab13c30c9b46087b3d326a68ca1e9c9062c5ed10b91f1725ce90b96dcdc446f5a362137402a762a4fa55d9decfa2e68074550649d5020c"));
+/** Challenge to get service certificate */
+export const SERVICE_CERTIFICATE_CHALLENGE = new Uint8Array([8, 4]);

package/dist/device.d.ts

@@ -4,22 +4,24 @@ import type { DeviceType } from './const.js';
 /** Device instance for CDM */
 export declare class Device {
     type: DeviceType;
+    clientId: pywidevine_license_protocol.ClientIdentification;
     privateKey: PrivateKey;
-    client_id: pywidevine_license_protocol.ClientIdentification;
     /**
      * Device instance for CDM
      * @param type Device type
+     * @param clientId Device client identification
      * @param privateKey Device private key
-     * @param client_id Device client identification
      */
-    constructor(type: DeviceType, privateKey: PrivateKey, client_id: pywidevine_license_protocol.ClientIdentification);
+    constructor(type: DeviceType, clientId: pywidevine_license_protocol.ClientIdentification, privateKey: PrivateKey);
     /** Device public key */
     get publicKey(): PublicKey;
     /**
      * Get device instance from dump
      * @param type Device type
-     * @param client_id Device client identification blob (`client_id.bin`)
+     * @param clientId Device client identification blob (`client_id.bin`)
      * @param privateKey Device private key blob (ASN.1 encoded)
      */
-    static decode(type: DeviceType, client_id: Uint8Array, privateKey: Uint8Array): Device;
+    static decode(type: DeviceType, clientId: Uint8Array, privateKey: Uint8Array): Device;
+    /** Get device instance from `.wvd` file */
+    static fromWvd(data: Uint8Array): Device;
 }

package/dist/device.js

@@ -3,22 +3,22 @@ import { decodePrivateKey, decodePublicKey, parseCerificate } from './utils.js';
 /** Device instance for CDM */
 export class Device {
     type;
+    clientId;
     privateKey;
-    client_id;
     /**
      * Device instance for CDM
      * @param type Device type
+     * @param clientId Device client identification
      * @param privateKey Device private key
-     * @param client_id Device client identification
      */
-    constructor(type, privateKey, client_id) {
+    constructor(type, clientId, privateKey) {
         this.type = type;
+        this.clientId = clientId;
         this.privateKey = privateKey;
-        this.client_id = client_id;
     }
     /** Device public key */
     get publicKey() {
-        const certificate = parseCerificate(this.client_id.token);
+        const certificate = parseCerificate(this.clientId.token);
         if (!certificate.public_key)
             throw new Error("Missing public key in DRM certificate");
         return decodePublicKey(certificate.public_key);
@@ -26,13 +26,42 @@ export class Device {
     /**
      * Get device instance from dump
      * @param type Device type
-     * @param client_id Device client identification blob (`client_id.bin`)
+     * @param clientId Device client identification blob (`client_id.bin`)
      * @param privateKey Device private key blob (ASN.1 encoded)
      */
-    static decode(type, client_id, privateKey) {
-        const clientId = pywidevine_license_protocol.ClientIdentification.deserialize(client_id);
-        if (!clientId.token)
+    static decode(type, clientId, privateKey) {
+        const client_id = pywidevine_license_protocol.ClientIdentification.deserialize(clientId);
+        if (!client_id.token)
             throw new Error("Missing token in Client ID");
-        return new Device(type, decodePrivateKey(privateKey), clientId);
+        return new Device(type, client_id, decodePrivateKey(privateKey));
+    }
+    /** Get device instance from `.wvd` file */
+    static fromWvd(data) {
+        const rdr = new DataView(data.buffer);
+        let offset = 0;
+        const magic = new TextDecoder().decode(data.subarray(offset, offset += 3));
+        if (magic != "WVD")
+            throw new Error("Invalid magic constant, not a WVD file");
+        const version = rdr.getUint8(offset);
+        offset += 1;
+        if (version != 1 && version != 2)
+            throw new Error("Invalid version, not a WVD file");
+        const type = rdr.getUint8(offset);
+        offset += 1;
+        const level = rdr.getUint8(offset);
+        offset += 1;
+        if (level < 1 || level > 3)
+            throw new Error("Invalid device version, not a WVD file");
+        //const flags = rdr.getUint8(offset);
+        offset += 1;
+        const privateKeyLength = rdr.getUint16(offset);
+        offset += 2;
+        const privateKey = data.slice(offset, offset += privateKeyLength);
+        const clientIdLen = rdr.getUint16(offset);
+        offset += 2;
+        const clientId = pywidevine_license_protocol.ClientIdentification.deserializeBinary(data.slice(offset, offset += clientIdLen));
+        if (!clientId.token)
+            throw new Error("Missing token in Client ID, not a WVD file");
+        return new Device(type, clientId, decodePrivateKey(privateKey));
     }
 }

package/dist/index.d.ts

@@ -5,6 +5,7 @@ import { Key } from "./key.js";
 /** Widevine Content Decryption Module (CDM) instance */
 export declare class CDM {
     device: Device;
+    static MAX_SESSIONS: number;
     private sessions;
     private signer;
     private crypter;
@@ -24,19 +25,32 @@ export declare class CDM {
      * Get license request (challenge)
      * @param sessionId Session ID
      * @param pssh PSSH object
-     * @param license_type License type (default - `STREAMING`)
+     * @param licenseType License type (default - `STREAMING`)
+     * @param privacyMode Encrypt the Client ID using service certificate (If service certificate is set)
      */
-    get_license_challenge(sessionId: string, pssh: PSSH, license_type?: pywidevine_license_protocol.LicenseType): Uint8Array;
+    getLicenseChallenge(sessionId: string, pssh: PSSH, licenseType?: pywidevine_license_protocol.LicenseType, privacyMode?: boolean): Uint8Array;
+    /**
+     * Set service certificate for privacy mode
+     * @param sessionId Session ID
+     * @param certificate Service certificate (If none remove current)
+     */
+    setServiceCertificate(sessionId: string, certificate?: Uint8Array): string | null;
+    /**
+     * Get service certificate of session
+     * @param sessionId Session ID
+     */
+    getServiceCertificate(sessionId: string): pywidevine_license_protocol.SignedDrmCertificate | null;
     /**
      * Get keys from license response
      * @param sessionId Session ID
-     * @param license_response License response
+     * @param licenseResponse License response
      */
-    parse_license(sessionId: string, license_response: Uint8Array): Key[];
-    private derive_keys;
-    private derive_context;
+    parseLicense(sessionId: string, licenseResponse: Uint8Array): Key[];
+    private encryptClientId;
+    private deriveKeys;
+    private deriveContext;
 }
-export { WIDEVINE_SID, KeyType, DeviceType } from "./const.js";
+export { KeyType, DeviceType, LicenseType, SERVICE_CERTIFICATE_CHALLENGE } from "./const.js";
 export { Device } from "./device.js";
 export { Key } from "./key.js";
-export { PSSH } from "./pssh.js";
+export { SystemID, PSSH } from "./pssh.js";

package/dist/index.js

@@ -1,14 +1,14 @@
 import { bytesToHex, concatBytes, equalBytes, numberToBytesBE, randomBytes } from "@noble/ciphers/utils.js";
-import { DeviceType } from "./const.js";
+import { DeviceType, ROOT_CERT } from "./const.js";
 import { Session } from "./session.js";
 import { PSS, OAEP, mgf1 } from 'micro-rsa-dsa-dh/rsa.js';
 import { sha1 } from "@noble/hashes/legacy.js";
 import { pywidevine_license_protocol } from "./protos/license_protocol.js";
 import { hmac } from "@noble/hashes/hmac.js";
 import { sha256 } from "@noble/hashes/sha2.js";
-import { cmac } from "@noble/ciphers/aes.js";
+import { cbc, cmac } from "@noble/ciphers/aes.js";
 import { Key } from "./key.js";
-const { LicenseType, LicenseRequest, ProtocolVersion, SignedMessage, License } = pywidevine_license_protocol;
+import { decodePublicKey } from "./utils.js";
 const ENCRYPTION_LABEL = new Uint8Array([0x45, 0x4e, 0x43, 0x52, 0x59, 0x50, 0x54, 0x49, 0x4f, 0x4e, 0x00]); // ENCRYPTION + \x00
 const ENCRYPTION_SIZE = new Uint8Array([0, 0, 0, 0x80]); // 128
 const AUTHENTICATION_LABEL = new Uint8Array([0x41, 0x55, 0x54, 0x48, 0x45, 0x4e, 0x54, 0x49, 0x43, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x00]); // AUTHENTICATION + \x00
@@ -16,6 +16,7 @@ const AUTHENTICATION_SIZE = new Uint8Array([0, 0, 2, 0]); // 512
 /** Widevine Content Decryption Module (CDM) instance */
 export class CDM {
     device;
+    static MAX_SESSIONS = 16;
     sessions = new Map();
     signer;
     crypter;
@@ -30,6 +31,8 @@ export class CDM {
     }
     /** Open session */
     open() {
+        if (this.sessions.size > CDM.MAX_SESSIONS)
+            throw new Error("Too many sessions");
         const session = new Session(this.sessions.size + 1);
         const id = bytesToHex(session.id);
         this.sessions.set(id, session);
@@ -48,9 +51,10 @@ export class CDM {
      * Get license request (challenge)
      * @param sessionId Session ID
      * @param pssh PSSH object
-     * @param license_type License type (default - `STREAMING`)
+     * @param licenseType License type (default - `STREAMING`)
+     * @param privacyMode Encrypt the Client ID using service certificate (If service certificate is set)
      */
-    get_license_challenge(sessionId, pssh, license_type = LicenseType.STREAMING) {
+    getLicenseChallenge(sessionId, pssh, licenseType = pywidevine_license_protocol.LicenseType.STREAMING, privacyMode = true) {
         const session = this.sessions.get(sessionId);
         if (!session)
             throw new Error("Session identifier is invalid");
@@ -59,44 +63,95 @@ export class CDM {
             request_id = new TextEncoder().encode(bytesToHex(concatBytes(randomBytes(4), new Uint8Array(4), numberToBytesBE(session.number, 8).reverse())).toUpperCase());
         else
             request_id = randomBytes(16);
-        const wvdPsshData = new LicenseRequest.ContentIdentification.WidevinePsshData();
-        wvdPsshData.pssh_data = [pssh.init_data];
-        wvdPsshData.license_type = license_type;
+        const wvdPsshData = new pywidevine_license_protocol.LicenseRequest.ContentIdentification.WidevinePsshData();
+        wvdPsshData.pssh_data = [pssh.initData];
+        wvdPsshData.license_type = licenseType;
         wvdPsshData.request_id = request_id;
-        const contentId = new LicenseRequest.ContentIdentification();
+        const contentId = new pywidevine_license_protocol.LicenseRequest.ContentIdentification();
         contentId.widevine_pssh_data = wvdPsshData;
-        const licenseRequest = new LicenseRequest();
-        licenseRequest.client_id = this.device.client_id;
+        const licenseRequest = new pywidevine_license_protocol.LicenseRequest();
+        if (!(session.serviceCertificate && privacyMode))
+            licenseRequest.client_id = this.device.clientId;
+        if (session.serviceCertificate && privacyMode)
+            licenseRequest.encrypted_client_id = this.encryptClientId(this.device.clientId, session.serviceCertificate);
         licenseRequest.content_id = contentId;
-        licenseRequest.type = LicenseRequest.RequestType.NEW;
+        licenseRequest.type = pywidevine_license_protocol.LicenseRequest.RequestType.NEW;
         licenseRequest.request_time = Math.round(Date.now() / 1000);
-        licenseRequest.protocol_version = ProtocolVersion.VERSION_2_1;
+        licenseRequest.protocol_version = pywidevine_license_protocol.ProtocolVersion.VERSION_2_1;
         licenseRequest.key_control_nonce = Math.floor(Math.random() * 2000000) + 1;
         const licenseRequestSerialized = licenseRequest.serializeBinary();
-        const signedLicenseRequest = new SignedMessage();
-        signedLicenseRequest.type = SignedMessage.MessageType.LICENSE_REQUEST;
+        const signedLicenseRequest = new pywidevine_license_protocol.SignedMessage();
+        signedLicenseRequest.type = pywidevine_license_protocol.SignedMessage.MessageType.LICENSE_REQUEST;
         signedLicenseRequest.msg = licenseRequestSerialized;
         signedLicenseRequest.signature = this.signer.sign(this.device.privateKey, licenseRequestSerialized);
-        session.context.set(bytesToHex(request_id), this.derive_context(licenseRequestSerialized));
+        session.context.set(bytesToHex(request_id), this.deriveContext(licenseRequestSerialized));
         return signedLicenseRequest.serializeBinary();
     }
+    /**
+     * Set service certificate for privacy mode
+     * @param sessionId Session ID
+     * @param certificate Service certificate (If none remove current)
+     */
+    setServiceCertificate(sessionId, certificate) {
+        const session = this.sessions.get(sessionId);
+        if (!session)
+            throw new Error("Session identifier is invalid");
+        let providerId;
+        if (!certificate) {
+            if (session.serviceCertificate) {
+                const drmCertificate = pywidevine_license_protocol.DrmCertificate.deserializeBinary(session.serviceCertificate.drm_certificate);
+                providerId = drmCertificate.provider_id;
+            }
+            else
+                providerId = null;
+            session.serviceCertificate = undefined;
+            return providerId;
+        }
+        let signedDrmCertificate;
+        try {
+            const signedMessage = pywidevine_license_protocol.SignedMessage.deserialize(certificate);
+            signedDrmCertificate = pywidevine_license_protocol.SignedDrmCertificate.deserialize(signedMessage.msg);
+            if (signedDrmCertificate.drm_certificate.length == 0)
+                throw new Error("");
+        }
+        catch (e) {
+            signedDrmCertificate = pywidevine_license_protocol.SignedDrmCertificate.deserialize(certificate);
+        }
+        if (!signedDrmCertificate.drm_certificate)
+            throw new Error("Can't decode DRM certificate");
+        if (!this.signer.verify(decodePublicKey(ROOT_CERT.public_key), signedDrmCertificate.drm_certificate, signedDrmCertificate.signature))
+            throw new Error("Signature mismatch");
+        const drmCertificate = pywidevine_license_protocol.DrmCertificate.deserializeBinary(signedDrmCertificate.drm_certificate);
+        session.serviceCertificate = signedDrmCertificate;
+        return drmCertificate.provider_id;
+    }
+    /**
+     * Get service certificate of session
+     * @param sessionId Session ID
+     */
+    getServiceCertificate(sessionId) {
+        const session = this.sessions.get(sessionId);
+        if (!session)
+            throw new Error("Session identifier is invalid");
+        return session.serviceCertificate ?? null;
+    }
     /**
      * Get keys from license response
      * @param sessionId Session ID
-     * @param license_response License response
+     * @param licenseResponse License response
      */
-    parse_license(sessionId, license_response) {
+    parseLicense(sessionId, licenseResponse) {
         const session = this.sessions.get(sessionId);
         if (!session)
             throw new Error("Session identifier is invalid");
-        const license_message = SignedMessage.deserializeBinary(license_response);
-        if (license_message.type != SignedMessage.MessageType.LICENSE)
+        const license_message = pywidevine_license_protocol.SignedMessage.deserializeBinary(licenseResponse);
+        if (license_message.type != pywidevine_license_protocol.SignedMessage.MessageType.LICENSE)
             throw new Error("Invalid message type");
-        const license = License.deserializeBinary(license_message.msg);
+        const license = pywidevine_license_protocol.License.deserializeBinary(license_message.msg);
         const context = session.context.get(bytesToHex(license.id.request_id));
         if (!context)
             throw new Error("Cannot parse a license message without first making a license request");
-        const [enc_key, mac_key_server, _] = this.derive_keys(context[0], context[1], this.crypter.decrypt(this.device.privateKey, license_message.session_key));
+        const [enc_key, mac_key_server, _] = this.deriveKeys(context[0], context[1], this.crypter.decrypt(this.device.privateKey, license_message.session_key));
         const computed_signature = hmac(sha256, mac_key_server, license_message.oemcrypto_core_message.length != 0
             ? concatBytes(license_message.oemcrypto_core_message, license_message.msg)
             : license_message.msg);
@@ -106,21 +161,32 @@ export class CDM {
         session.context.delete(bytesToHex(license.id.request_id));
         return session.keys;
     }
-    derive_keys(enc_context, mac_context, key) {
+    encryptClientId(clientId, serviceCertificate, key, iv) {
+        const privacy_key = key ?? randomBytes(16), privacy_iv = iv ?? randomBytes(16);
+        const drmCertificate = pywidevine_license_protocol.DrmCertificate.deserializeBinary(serviceCertificate.drm_certificate);
+        const encryptClientIdentification = new pywidevine_license_protocol.EncryptedClientIdentification();
+        encryptClientIdentification.provider_id = drmCertificate.provider_id;
+        encryptClientIdentification.service_certificate_serial_number = drmCertificate.serial_number;
+        encryptClientIdentification.encrypted_client_id = cbc(privacy_key, privacy_iv).encrypt(clientId.serializeBinary());
+        encryptClientIdentification.encrypted_client_id_iv = privacy_iv;
+        encryptClientIdentification.encrypted_privacy_key = this.crypter.encrypt(decodePublicKey(drmCertificate.public_key), privacy_key);
+        return encryptClientIdentification;
+    }
+    deriveKeys(encContext, macContext, key) {
         const _derive = (session_key, context, counter) => cmac(session_key, concatBytes(numberToBytesBE(counter, 1), context));
-        const enc_key = _derive(key, enc_context, 1);
-        const mac_key_server = concatBytes(_derive(key, mac_context, 1), _derive(key, mac_context, 2));
-        const mac_key_client = concatBytes(_derive(key, mac_context, 3), _derive(key, mac_context, 4));
+        const enc_key = _derive(key, encContext, 1);
+        const mac_key_server = concatBytes(_derive(key, macContext, 1), _derive(key, macContext, 2));
+        const mac_key_client = concatBytes(_derive(key, macContext, 3), _derive(key, macContext, 4));
         return [enc_key, mac_key_server, mac_key_client];
     }
-    derive_context(message) {
+    deriveContext(message) {
         return [
             concatBytes(ENCRYPTION_LABEL, message, ENCRYPTION_SIZE),
             concatBytes(AUTHENTICATION_LABEL, message, AUTHENTICATION_SIZE)
         ];
     }
 }
-export { WIDEVINE_SID, KeyType, DeviceType } from "./const.js";
+export { KeyType, DeviceType, LicenseType, SERVICE_CERTIFICATE_CHALLENGE } from "./const.js";
 export { Device } from "./device.js";
 export { Key } from "./key.js";
-export { PSSH } from "./pssh.js";
+export { SystemID, PSSH } from "./pssh.js";

package/dist/pssh.d.ts

@@ -1,15 +1,21 @@
 import { pywidevine_license_protocol } from "./protos/license_protocol.js";
+/** System IDs */
+export declare const SystemID: Record<"WIDEVINE" | "PLAYREADY", Readonly<Uint8Array>>;
+export interface PlayReadyRecord {
+    type: number;
+    value: string;
+}
 /** Protection System Specific Header (PSSH) object */
 export declare class PSSH {
     version: number;
     flags: number;
-    system_id: Uint8Array;
+    systemId: Uint8Array;
     kids: Uint8Array[];
-    init_data: Uint8Array;
+    initData: Uint8Array;
     /** Protection System Specific Header (PSSH) */
-    constructor(version: number, flags: number, system_id: Uint8Array, kids: Uint8Array[] | undefined, init_data: Uint8Array);
-    /** Get decoded payload (Widevine only) */
-    get decoded(): pywidevine_license_protocol.WidevinePsshData | null;
+    constructor(version: number, flags: number, systemId: Uint8Array, kids: Uint8Array[] | undefined, initData: Uint8Array);
+    /** Get decoded payload (Widevine and PlayReady only) */
+    get decoded(): pywidevine_license_protocol.WidevinePsshData | PlayReadyRecord[] | null;
     /** Get PSSH object from bytes */
     static decode(pssh: Uint8Array): PSSH;
 }

package/dist/pssh.js

@@ -1,30 +1,56 @@
-import { equalBytes } from "@noble/ciphers/utils.js";
+import { bytesToNumberBE, equalBytes, hexToBytes } from "@noble/ciphers/utils.js";
 import { pywidevine_license_protocol } from "./protos/license_protocol.js";
-import { WIDEVINE_SID } from "./const.js";
+/** System IDs */
+export const SystemID = {
+    WIDEVINE: hexToBytes("edef8ba979d64acea3c827dcd51d21ed"),
+    PLAYREADY: hexToBytes("9a04f07998404286ab92e65be0885f95")
+};
+const bytesToNumberLE = (bytes) => bytesToNumberBE(new Uint8Array(bytes).reverse());
 /** Protection System Specific Header (PSSH) object */
 export class PSSH {
     version;
     flags;
-    system_id;
+    systemId;
     kids;
-    init_data;
+    initData;
     /** Protection System Specific Header (PSSH) */
-    constructor(version, flags, system_id, kids = [], init_data) {
+    constructor(version, flags, systemId, kids = [], initData) {
         this.version = version;
         this.flags = flags;
-        this.system_id = system_id;
+        this.systemId = systemId;
         this.kids = kids;
-        this.init_data = init_data;
+        this.initData = initData;
     }
-    /** Get decoded payload (Widevine only) */
+    /** Get decoded payload (Widevine and PlayReady only) */
     get decoded() {
-        return equalBytes(this.system_id, WIDEVINE_SID) ? pywidevine_license_protocol.WidevinePsshData.deserialize(this.init_data) : null;
+        if (equalBytes(this.systemId, SystemID.WIDEVINE))
+            return pywidevine_license_protocol.WidevinePsshData.deserialize(this.initData);
+        else if (equalBytes(this.systemId, SystemID.PLAYREADY)) {
+            let offset = 0;
+            const proLength = bytesToNumberLE(this.initData.slice(offset, offset += 4));
+            if (proLength != BigInt(this.initData.length))
+                return null;
+            const proRecordCount = bytesToNumberLE(this.initData.slice(offset, offset += 2));
+            const records = [];
+            for (let _ = 0n; _ < proRecordCount; _++) {
+                const type = Number(bytesToNumberLE(this.initData.slice(offset, offset += 2)));
+                const length = Number(bytesToNumberLE(this.initData.slice(offset, offset += 2)));
+                if (type == 1)
+                    records.push({
+                        type,
+                        value: new TextDecoder("utf-16le").decode(this.initData.slice(offset, offset += length))
+                    });
+            }
+            return records;
+        }
+        else
+            return null;
     }
     /** Get PSSH object from bytes */
     static decode(pssh) {
         const rdr = new DataView(pssh.buffer, pssh.byteOffset);
-        // const size = rdr.getUint32(offset); offset += 4;
         let offset = 4;
+        // const size = rdr.getUint32(offset); offset += 4;
         const box_header = new TextDecoder().decode(pssh.subarray(offset, offset + 4));
         offset += 4;
         if (box_header !== "pssh")

package/dist/session.d.ts

@@ -3,7 +3,7 @@ import type { Key } from "./key.js";
 export declare class Session {
     number: number;
     id: Uint8Array;
-    servicCertificate?: pywidevine_license_protocol.SignedDrmCertificate;
+    serviceCertificate?: pywidevine_license_protocol.SignedDrmCertificate;
     context: Map<string, Uint8Array<ArrayBufferLike>[]>;
     keys: Key[];
     constructor(number: number);

package/dist/session.js

@@ -2,7 +2,7 @@ import { randomBytes } from "@noble/ciphers/utils.js";
 export class Session {
     number;
     id;
-    servicCertificate;
+    serviceCertificate;
     context = new Map();
     keys = [];
     constructor(number) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@li0ard/widevine",
-  "version": "0.1.0",
+  "version": "0.1.2",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "type": "module",