Skip to content

fairy-root/drm-pentesting-toolkit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
N_m3u8DL-RE
N_m3u8DL-RE
 
 
core
core
 
 
credentials
credentials
 
 
devices
devices
 
 
imgs
imgs
 
 
plugins
plugins
 
 
proxies
proxies
 
 
settings
settings
 
 
ui
ui
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
main.py
main.py
 
 
plugins.md
plugins.md
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

DRM Pentesting Toolkit

DRM Pentesting Toolkit Logo

A comprehensive, modular, plugin-based DRM pentesting toolkit with a modern CustomTKinter GUI. The toolkit supports device and credentials profile management, plugin stacking, PSSH/MPD parsing, license/key extraction, M3U writing, content downloading, and dynamic credential handling. The UI features a dark theme and allows users to select devices and credentials profiles, automatically detecting credential types and exposing them to plugins as needed.

🖥️ User Interface Overview

MPD Data Tab - DRM Pentesting Toolkit

📄 MPD Data Tab

Configure MPD manifest URLs, headers, cookies, and HTTP methods for content discovery


License Data Tab - DRM Pentesting Toolkit

🔐 License Data Tab

Set up license server URLs, authentication headers, and request parameters for key extraction


Logs & Output Tab - DRM Pentesting Toolkit

📝 Logs & Output Tab

Monitor real-time plugin execution, view detailed logs, and manage the plugin execution stack


Downloads Tab - DRM Pentesting Toolkit

⬇️ Downloads Tab

Track download progress, manage active transfers, and monitor completed downloads with detailed statistics

Key Features

Modular Plugin Architecture

  • Dynamic Plugin Discovery: Plugins are automatically loaded from the plugins/ directory
  • Stackable Execution: Plugins can be chained together with context passing between them
  • Auto-Detection: Plugin arguments are automatically detected through function introspection
  • Hot Reloading: Plugins can be rescanned without restarting the application
  • Subfolder Support: Organize plugins in subdirectories for better management

Modern GUI Interface

  • CustomTKinter Framework: Modern, dark-themed interface with responsive design
  • Tabbed Interface: Organized into dedicated tabs for MPD Data, License Data, Logs & Output, and Downloads
  • HTTP Method Selection: Separate method dropdowns for MPD (GET default) and License (POST default) requests
  • Real-time State Management: All UI state is automatically saved and restored
  • Downloads Tab: Monitor and control active/completed downloads with progress tracking
  • Plugin Stack Management: Visual plugin queue with drag-and-drop-like functionality
  • Always-on-Top Option: Optional window pinning for workflow convenience
  • Context Menus: Right-click menus for enhanced workflow efficiency

Device Management

  • Multi-DRM Support:
    • Widevine (.wvd files) via pywidevine
    • PlayReady (.prd files) via pyplayready
  • Auto-Discovery: Devices are automatically detected from devices/ subdirectories
  • Validation Plugins: Built-in device validation for both Widevine and PlayReady
  • CDM Session Management: Automatic CDM instance creation and session handling

Advanced Credentials System

  • Profile-Based Management: Store credentials in organized .txt files
  • Auto-Type Detection: Regex-based credential type identification
  • Flexible Formats: Support for username:password, email:password, API keys, MAC addresses
  • Plugin Integration: Automatic credential mapping to plugin parameters
  • Environment Configuration: Fully configurable via settings/environment.ini

Comprehensive Proxy Support

  • Multiple Formats: Support for authenticated and non-authenticated proxies
  • Auto-Detection: Proxy files automatically discovered from proxies/ directory
  • Plugin Integration: Proxy configurations passed to relevant plugins
  • Format Flexibility: Support for host:port and host:port:username:password

Content Discovery & Analysis

  • PSSH Extraction: Automatic PSSH parsing from MPD manifests with custom HTTP methods
  • License Handling: Support for various license server formats and authentication methods
  • Search Integration: Built-in search query system for content discovery and custom filename support
  • Multi-Platform: Example plugins for major streaming platforms
  • Flexible Request Configuration: Separate headers, cookies, and POST data for MPD and License requests

Integrated Download System

  • N_m3u8DL-RE Integration: Full integration with the powerful N_m3u8DL-RE downloader
  • Custom Filename Support: Use search queries to automatically name downloaded content
  • Multi-Key Support: Automatic handling of multiple decryption keys
  • Progress Monitoring: Real-time download progress and status tracking
  • Background Processing: Non-blocking downloads with process management
  • Output Organization: Structured output directory with automatic file detection

Advanced Features

  • State Persistence: Complete application state saving and restoration
  • Error Handling: Comprehensive error management with detailed logging
  • Plugin Validation: Built-in validation for device files and configurations
  • Extensible Architecture: Easy addition of new plugins and features
  • Cross-Platform: Works on Windows, macOS, and Linux

Project Structure

drm-pentesting-toolkit/
├── main.py                     # Application entry point
├── requirements.txt            # Python dependencies with version constraints
├── README.md                   # Comprehensive documentation (this file)
├── plugins.md                  # Detailed plugin development guide
├── LICENSE                     # MIT License
│
├── core/                       # Core framework modules
│   ├── __init__.py
│   └── plugin_manager.py       # Plugin discovery, loading, and execution engine
│
├── ui/                         # User interface components
│   ├── __init__.py
│   └── main_window.py          # Main CustomTKinter GUI with tabs and controls
│
├── plugins/                    # Plugin ecosystem
│   ├── 1_load_devices.py       # Device file loading (Widevine/PlayReady)
│   ├── 2_parse_pssh.py         # MPD parsing and PSSH extraction
│   ├── 3_shahid_license.py     # Shahid platform license generation (example)
│   ├── 4_send_license.py       # License server communication and key extraction
│   ├── 5_write_m3u.py          # M3U playlist generation with keys
│   ├── 6_n_m3u8dl_re.py        # Content downloading via N_m3u8DL-RE
│   ├── 7_wvd_validation.py     # Widevine device validation
│   └── 8_prd_validation.py     # PlayReady device validation
│
├── devices/                    # DRM device files
│   ├── playready/              # PlayReady device files (*.prd)
│   └── widevine/               # Widevine device files (*.wvd)
│
├── credentials/                # Credential profiles
│   └── example.txt             # Example credentials file format
│
├── proxies/                    # Proxy configuration files
│   └── sample_proxies.txt      # Example proxy configurations
│
├── N_m3u8DL-RE/               # Download tool integration
│   ├── N_m3u8DL-RE.exe        # Main downloader executable
│   └── shaka-packager.exe     # Video processing tool
│
├── OUTPUT/                     # Downloaded content directory
│   └── (generated files)      # Downloaded videos, audio, and subtitles
│
├── settings/                   # Configuration and state
│   ├── environment.ini         # Credential types and validation rules
│   ├── savestate.json         # UI state persistence
│   └── downloads_state.json   # Download progress and history
│
└── imgs/                      # Application assets
    ├── app.png                # Application icon
    ├── icon.ico               # Windows icon
    └── ui.png                 # UI screenshot

Quick Start

Prerequisites

  • Python 3.8+ (Recommended: Python 3.9 or 3.10)
  • Windows/macOS/Linux (Cross-platform compatibility)
  • DRM Device Files (.wvd or .prd files - not included)

Installation

  1. Clone the repository:

    git clone https://github.com/fairy-root/drm-pentesting-toolkit.git
cd drm-pentesting-toolkit

  2. Install dependencies:

    pip install -r requirements.txt

  3. Set up device files (Required):

    # Place your device files in the appropriate directories:
# - Widevine devices: devices/widevine/*.wvd
# - PlayReady devices: devices/playready/*.prd

    [!IMPORTANT] Device files are not included with this toolkit. You must obtain valid .wvd (Widevine) or .prd (PlayReady) device files through legitimate means.

  4. Download N_m3u8DL-RE (Optional but recommended):

  5. Run the application:

    python main.py

First Run Setup

  1. Add credentials (optional):

    • Create .txt files in the credentials/ folder
    • Format: username:password (one per line)
    • Example: credentials/netflix.txt

  2. Add proxies (optional):

    • Create .txt files in the proxies/ folder
    • Format: host:port or host:port:username:password
    • Example: proxies/vpn_proxies.txt

  3. Validate your setup:

    • Select a device file from the dropdown
    • Add 1_load_devices to the plugin stack
    • Run to verify device loading works

Usage Guide

Basic Workflow

  1. Select Device & Credentials:

    • Choose a device file (.wvd or .prd) from the dropdown
    • Optionally select a credentials profile
    • Enable "Expose Credentials to Plugins" if needed
    • Configure proxy settings if required

  2. Build Plugin Stack:

    • Double-click plugins from the "Available Plugins" list
    • They'll be added to the "Plugin Stack" in execution order
    • Use the stack listbox to manage execution order

  3. Configure Input Data:

    • Enter MPD URLs, search queries, or other required data
    • The toolkit automatically passes data between plugins

  4. Execute & Monitor:

    • Click "Run Stack" to execute all plugins in sequence
    • Monitor progress in the log area
    • View download progress in the Downloads tab

Common Plugin Sequences

DRM Key Extraction Workflow:

1. 1_load_devices.py       → Load device and create CDM session
2. 2_parse_pssh.py         → Extract PSSH from MPD manifest
3. 4_send_license.py       → Get decryption keys from license server
4. 5_write_m3u.py          → Generate M3U playlist with keys

Content Download Workflow:

1. 1_load_devices.py       → Load device and create CDM session
2. 2_parse_pssh.py         → Extract PSSH from MPD manifest  
3. 4_send_license.py       → Get decryption keys from license server
4. 6_n_m3u8dl_re.py        → Download and decrypt content

Device Validation:

1. 7_wvd_validation.py     → Validate Widevine device
# OR
1. 8_prd_validation.py     → Validate PlayReady device

Downloads Management

The Downloads tab provides comprehensive download monitoring:

  • Active Downloads: Real-time progress, ETA, and speed
  • Completed Downloads: File sizes, completion times, and status
  • Controls: Stop, kill, or clear downloads
  • Refresh: Manual refresh or auto-refresh every 3 seconds

Plugin System

Core Plugin Architecture

The toolkit uses a sophisticated plugin system with automatic discovery and argument injection:

def run(device_file=None, search_query=None, USER=None, PASS=None, **kwargs):
    """
    Plugin entry point with automatic argument detection.
    
    The plugin manager automatically provides arguments based on:
    - Function signature inspection
    - Available context from previous plugins
    - UI configuration (device, credentials, etc.)
    """
    # Your plugin logic here
    return {
        "result_data": "processed_value",
        "preview": "Short description for UI display"
    }

Available Plugins

🔧 Core System Plugins

Plugin Description Input Parameters Output
1_load_devices.py Load Widevine/PlayReady devices device_file device, cdm, session_id
2_parse_pssh.py Extract PSSH from MPD manifests mpd_url pssh
4_send_license.py License server communication license_url, pssh, cdm, session_id keys
5_write_m3u.py Generate M3U playlists keys, mpd_url m3u_content, m3u_file

Download & Processing

Plugin Description Features
6_n_m3u8dl_re.py Content download via N_m3u8DL-RE Multi-key support, progress monitoring, background processing

Validation & Testing

Plugin Description Purpose
7_wvd_validation.py Widevine device validation Verify device integrity and functionality
8_prd_validation.py PlayReady device validation Verify device integrity and functionality

Platform-Specific (Examples)

Plugin Description Platform
3_shahid_license.py Shahid license generation Shahid VIP streaming platform

Plugin Development

Create new plugins by:

  1. Adding a Python file to the plugins/ directory
  2. Implementing a run() function with appropriate parameters
  3. Returning a dictionary with results and a preview key

See plugins.md for comprehensive development guide.

Configuration

Credentials System

Configure credential types in settings/environment.ini:

[WORDLIST TYPE]
Name=Credentials
Regex=^.*:.*$
Verify=True
Separator=:
Slices=USERNAME,PASSWORD
SlicesAlias=USER,PASS

[EMAIL TYPE]
Name=Email
Regex=^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}:.*$
Verify=True
Separator=:
Slices=EMAIL,PASSWORD
SlicesAlias=EMAIL,PASS

[API TYPE]
Name=API
Regex=^[A-Za-z0-9_-]{20,}$
Verify=True
Separator=
Slices=APIKEY
SlicesAlias=APIKEY

Proxy Configuration

Add proxy files to proxies/ directory:

# Non-authenticated proxies
192.168.1.100:8080
proxy.example.com:3128

# Authenticated proxies  
premium.proxy.com:8080:username:password
corporate.proxy.net:3128:user123:pass456

State Persistence

The toolkit automatically saves:

  • UI Configuration: Selected devices, credentials, proxy settings
  • Plugin Stack: Current plugin queue and execution order
  • Download History: Active and completed download tracking
  • Application State: Window position, tab selection, field values

Examples

Example 1: Basic Key Extraction

# Plugin execution sequence for extracting Widevine keys
plugins = [
    "1_load_devices",      # Load device.wvd
    "2_parse_pssh",        # Extract PSSH from MPD
    "4_send_license",      # Get keys from license server  
    "5_write_m3u"          # Generate M3U with keys
]

# Input data
mpd_url = "https://example.com/content.mpd"
license_url = "https://example.com/license"
device_file = "devices/widevine/device.wvd"

Example 2: Content Download with Custom Filename

# Plugin execution sequence for downloading content
plugins = [
    "1_load_devices",      # Load device.wvd
    "2_parse_pssh",        # Extract PSSH from MPD
    "4_send_license",      # Get keys from license server
    "6_n_m3u8dl_re"        # Download content with custom name
]

# Input data
mpd_url = "https://example.com/content.mpd"
license_url = "https://example.com/license"
search_query = "Movie Title S01E01"  # Used as custom filename
device_file = "devices/widevine/device.wvd"

Downloaded files saved to OUTPUT/ directory with custom name

- video files (Movie_Title_S01E01.mp4/mkv)

- audio tracks (Movie_Title_S01E01_audio.m4a)

- subtitle files (Movie_Title_S01E01.srt/ass)


### Example 3: Device Validation

```python
# Validate Widevine device integrity
plugins = ["7_wvd_validation"]

# Or validate PlayReady device
plugins = ["8_prd_validation"]

Advanced Features

Plugin Hot Reloading

  • Click "Rescan" button to reload plugins without restarting
  • Useful during plugin development and testing
  • Automatically detects new plugins and updates the available list

Background Download Management

  • Downloads run in separate processes
  • Non-blocking UI during download operations
  • Automatic progress tracking and status updates
  • Comprehensive error handling and recovery

Cross-Platform Compatibility

  • Windows: Full support with native executable handling
  • macOS: Complete compatibility with Unix-style paths
  • Linux: Full support with package manager integration

Security Features

  • Credential Isolation: Credentials only passed to requesting plugins
  • Process Isolation: Downloads run in separate processes
  • Secure Storage: No plaintext credential storage in memory
  • Error Isolation: Plugin failures don't crash the application

Troubleshooting

Common Issues

Device Loading Errors

Error: Device file not found
Solution: Verify device file path and permissions
Check: devices/widevine/*.wvd or devices/playready/*.prd

Plugin Import Errors

Error: Module 'pywidevine' not found
Solution: pip install -r requirements.txt
Check: Python environment and package versions

Download Failures

Error: N_m3u8DL-RE executable not found
Solution: Download and place in N_m3u8DL-RE/ directory
Check: File permissions and PATH configuration

Credentials Not Detected

Error: Credentials format not recognized
Solution: Verify format matches environment.ini regex patterns
Check: File encoding (should be UTF-8)

Debug Mode

Enable detailed logging by:

  1. Running from terminal/command prompt
  2. Checking console output for detailed error messages
  3. Reviewing plugin-specific error returns

Performance Optimization

  • Large Plugin Stacks: Break into smaller sequences
  • Memory Usage: Close unused CDM sessions
  • Download Speed: Configure optimal thread counts in N_m3u8DL-RE
  • UI Responsiveness: Use background processing for long operations
  • The UI lists all discovered plugins. Users can add plugins to a "runnable stack" to define execution order.
  • The UI provides a "Rescan" button to reload the list of plugins after adding or removing plugins.
  • Example plugin signature: 
    def run(*args, **kwargs):
    # Your plugin logic here
    return {
        'result_key': value,
        'error': 'Error message (optional)',
        'preview': 'Short summary for the UI/log area'
    }
  • Example plugin chain:
    1. 1_load_devices.py → loads a device, returns device, cdm, session_id.
    2. 2_parse_pssh.py → fetches MPD, extracts PSSH.
    3. 4_send_license.py → sends license request, extracts keys.
    4. 5_write_m3u.py → writes output, expects keys and other info from previous plugins.
  • Best Practices:
    • Keep plugins stateless—all state should be passed via arguments/context.
    • Document your plugin with a docstring for the run() function.
    • Return clear, user-friendly preview messages for the UI.
    • Handle all exceptions and always clean up resources (e.g., close CDM sessions).
    • Use only standard libraries and toolkit dependencies.
    • Plugin arguments are automatically detected, so no need to modify the plugin manager when adding new plugins.

For advanced plugin development, argument extraction, and more examples, see plugins.md.

Profiles

  • Credentials profiles are .txt files in the credentials/ folder.
  • Each line contains credentials in a format defined by settings/environment.ini.
  • The system automatically detects credential types using regex patterns.
  • Supported types (configurable in environment.ini):
    • Credentials: username:password format
    • Email: email@domain.com:password format
    • MAC: MAC address format
    • API: API key format
  • Example credentials file: 
    user1:pass1
user2:pass2
admin:secret123
  • The GUI will list all .txt files in credentials/ as selectable profiles.
  • If enabled, credentials are automatically mapped to plugin parameters using SlicesAlias configuration.
  • If "No Credentials" is selected, no credentials are exposed to plugins.

Configuration

The settings/environment.ini file defines credential types and validation rules:

[WORDLIST TYPE]
Name=Credentials
Regex=^.*:.*$
Verify=True
Separator=:
Slices=USERNAME,PASSWORD
SlicesAlias=USER,PASS

[MAC TYPE]
Name=MAC
Regex=^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$
Verify=True
Separator=
Slices=MAC
SlicesAlias=MAC
  • Name: Display name for the credential type
  • Regex: Pattern to match and validate credentials
  • Separator: Character used to split credential components
  • Slices: Internal field names
  • SlicesAlias: Parameter names exposed to plugins

Plugins

  • 1_load_devices.py: Loads a device file, creates a CDM and session.
  • 2_parse_pssh.py: Fetches the MPD URL and extracts the Widevine PSSH using regex.
  • 3_shahid_license.py: Generates a real Shahid license URL using HMAC and API call.
  • 4_send_license.py: Uses the CDM/session to get a challenge, sends the license request, parses the license, and extracts the content key. Supports sending cookies.
  • 5_write_m3u.py: Returns an M3U string and writes it to a file (with error handling for missing directories).
  • 6_n_m3u8dl_re.py: Downloads and decrypts content using N_m3u8DL-RE with extracted keys, supporting multiple formats and flexible configurations.
  • 7_wvd_validation: checks the validity of the wvd device.
  • 8_prd_validation: checks the validity of the prd device.

the Toolkit

  • To add a new plugin, drop a Python file in the plugins/ folder with a run() function as described above.
  • Plugin arguments are automatically detected through function introspection - no need to modify the plugin manager.
  • To add new credential types, simply update settings/environment.ini with new regex patterns and field mappings.
  • Plugins can access and use any context passed from previous plugins.
  • See plugins.md for a full guide to plugin conventions, argument passing, and best practices.

Troubleshooting

  • Device file not found: Ensure the correct .wvd or .prd file is in the right folder.
  • Credentials profile not listed: Ensure the .txt file is in the credentials/ folder and matches a regex pattern in environment.ini.
  • Plugin errors: Check the log area for detailed error messages.
  • Credentials not detected: Verify the credential format matches the regex patterns defined in settings/environment.ini.

Here’s a strong, comprehensive disclaimer suitable for a DRM-related GitHub project:

⚠️ LEGAL DISCLAIMER

This project is intended solely for educational, research, and lawful security auditing purposes. It is designed to aid security professionals, penetration testers, and reverse engineers in understanding the mechanics of Digital Rights Management (DRM) systems such as Widevine, PlayReady, and others — including how they can be assessed for vulnerabilities, misconfigurations, or implementation flaws in controlled environments.

By using, cloning, modifying, or contributing to this project, you acknowledge and agree to the following:

  • You are solely responsible for complying with all applicable local, national, and international laws and regulations.
  • You will not use this toolkit to access, extract, distribute, or manipulate copyrighted content or any digital media protected by DRM without proper authorization or legal entitlement.
  • You understand this toolkit is not a piracy tool and was not designed or intended to bypass DRM protections for illegal or unethical use.
  • The maintainers, contributors, and authors do not condone any illegal activity and will not be held liable for misuse, damage, or legal consequences resulting from the use of this codebase.

This project is provided "as is", without warranty of any kind. Use at your own risk.

Donation

Your support is appreciated:

  • USDt (TRC20): TGCVbSSJbwL5nyXqMuKY839LJ5q5ygn2uS
  • BTC: 13GS1ixn2uQAmFQkte6qA5p1MQtMXre6MT
  • ETH (ERC20): 0xdbc7a7dafbb333773a5866ccf7a74da15ee654cc
  • LTC: Ldb6SDxUMEdYQQfRhSA3zi4dCUtfUdsPou

Author

Contributing

If you would like to contribute to this project, feel free to fork the repository and submit pull requests. Ensure that your code follows the existing structure, and test it thoroughly.

License

This project is licensed under the MIT License - see the LICENSE file for details.

About

A modular DRM pentesting toolkit with a modern CustomTkinter GUI. Supports plugin stacking, device/credential profiles, PSSH/MPD parsing, license/key extraction, M3U generation, and dynamic credential handling.

Resources

Readme

License

View license
Activity

Stars

39 stars

Watchers

0 watching

Forks

10 forks
Report repository

Releases 2

DRMPentestingToolkit v1.0.1 Latest
Jul 14, 2025
+ 1 release

Packages

 
 
 

Contributors

Languages