From 6b0ce3193961dafbd2ac8eb9a9d1df062b2aa03a Mon Sep 17 00:00:00 2001 From: Peter Rowlands Date: Sat, 5 Oct 2024 00:59:58 +0900 Subject: [PATCH] [fd/dash, pp/ffmpeg] support DASH CENC decryption --- yt_dlp/YoutubeDL.py | 10 +++++++ yt_dlp/downloader/dash.py | 46 ++++++++++++++++++++++++++++++++ yt_dlp/postprocessor/__init__.py | 1 + yt_dlp/postprocessor/ffmpeg.py | 26 +++++++++++++++--- 4 files changed, 79 insertions(+), 4 deletions(-) diff --git a/yt_dlp/YoutubeDL.py b/yt_dlp/YoutubeDL.py index 4f45d7faf6..0e86fd7bcf 100644 --- a/yt_dlp/YoutubeDL.py +++ b/yt_dlp/YoutubeDL.py @@ -48,6 +48,7 @@ from .plugins import directories as plugin_directories from .postprocessor import _PLUGIN_CLASSES as plugin_pps from .postprocessor import ( EmbedThumbnailPP, + FFmpegCENCDecryptPP, FFmpegFixupDuplicateMoovPP, FFmpegFixupDurationPP, FFmpegFixupM3u8PP, @@ -3384,6 +3385,8 @@ class YoutubeDL: self.report_error(f'{msg}. Aborting') return + decrypter = FFmpegCENCDecryptPP(self) + info_dict.setdefault('__files_to_cenc_decrypt', []) if info_dict.get('requested_formats') is not None: old_ext = info_dict['ext'] if self.params.get('merge_output_format') is None: @@ -3464,8 +3467,12 @@ class YoutubeDL: downloaded.append(fname) partial_success, real_download = self.dl(fname, new_info) info_dict['__real_download'] = info_dict['__real_download'] or real_download + if new_info.get('dash_cenc', {}).get('key'): + info_dict['__files_to_cenc_decrypt'].append((fname, new_info['dash_cenc']['key'])) success = success and partial_success + if downloaded and info_dict['__files_to_cenc_decrypt'] and decrypter.available: + info_dict['__postprocessors'].append(decrypter) if downloaded and merger.available and not self.params.get('allow_unplayable_formats'): info_dict['__postprocessors'].append(merger) info_dict['__files_to_merge'] = downloaded @@ -3482,6 +3489,9 @@ class YoutubeDL: # So we should try to resume the download success, real_download = self.dl(temp_filename, info_dict) info_dict['__real_download'] = real_download + if info_dict.get('dash_cenc', {}).get('key') and decrypter.available: + info_dict['__postprocessors'].append(decrypter) + info_dict['__files_to_cenc_decrypt'] = [(temp_filename, info_dict['dash_cenc']['key'])] else: self.report_file_already_downloaded(dl_filename) diff --git a/yt_dlp/downloader/dash.py b/yt_dlp/downloader/dash.py index afc79b6caf..84ff79c8af 100644 --- a/yt_dlp/downloader/dash.py +++ b/yt_dlp/downloader/dash.py @@ -1,8 +1,13 @@ +import base64 +import binascii +import json import time import urllib.parse from . import get_suitable_downloader from .fragment import FragmentFD +from ..networking import Request +from ..networking.exceptions import RequestError from ..utils import update_url_query, urljoin @@ -60,6 +65,9 @@ class DashSegmentsFD(FragmentFD): args.append([ctx, fragments_to_download, fmt]) + if 'dash_cenc' in info_dict and not info_dict['dash_cenc'].get('key'): + self._get_clearkey_cenc(info_dict) + return self.download_and_append_fragments_multiple(*args, is_fatal=lambda idx: idx == 0) def _resolve_fragments(self, fragments, ctx): @@ -88,3 +96,41 @@ class DashSegmentsFD(FragmentFD): 'index': i, 'url': fragment_url, } + + def _get_clearkey_cenc(self, info_dict): + dash_cenc = info_dict.get('dash_cenc', {}) + laurl = dash_cenc.get('laurl') + if not laurl: + self.report_error('No Clear Key license server URL for encrypted DASH stream') + return + key_ids = dash_cenc.get('key_ids') + if not key_ids: + self.report_error('No requested CENC KIDs for encrypted DASH stream') + return + payload = json.dumps({ + 'kids': [ + base64.urlsafe_b64encode(bytes.fromhex(k)).decode().rstrip('=') + for k in key_ids + ], + 'type': 'temporary', + }).encode() + try: + response = self.ydl.urlopen(Request( + laurl, data=payload, headers={'Content-Type': 'application/json'})) + data = json.loads(response.read()) + except (RequestError, json.JSONDecodeError) as err: + self.report_error(f'Failed to retrieve key from Clear Key license server: {err}') + return + keys = data.get('keys', []) + if len(keys) > 1: + self.report_warning('Clear Key license server returned multiple keys but only single key CENC is supported') + for key in keys: + k = key.get('k') + if k: + try: + dash_cenc['key'] = base64.urlsafe_b64decode(f'{k}==').hex() + info_dict['dash_cenc'] = dash_cenc + return + except (ValueError, binascii.Error): + pass + self.report_error('Clear key license server did not return any valid CENC keys') diff --git a/yt_dlp/postprocessor/__init__.py b/yt_dlp/postprocessor/__init__.py index 164540b5db..8673724065 100644 --- a/yt_dlp/postprocessor/__init__.py +++ b/yt_dlp/postprocessor/__init__.py @@ -8,6 +8,7 @@ from .ffmpeg import ( FFmpegCopyStreamPP, FFmpegEmbedSubtitlePP, FFmpegExtractAudioPP, + FFmpegCENCDecryptPP, FFmpegFixupDuplicateMoovPP, FFmpegFixupDurationPP, FFmpegFixupM3u8PP, diff --git a/yt_dlp/postprocessor/ffmpeg.py b/yt_dlp/postprocessor/ffmpeg.py index 164c46d143..6670a3d418 100644 --- a/yt_dlp/postprocessor/ffmpeg.py +++ b/yt_dlp/postprocessor/ffmpeg.py @@ -331,7 +331,7 @@ class FFmpegPostProcessor(PostProcessor): [(path, []) for path in input_paths], [(out_path, opts)], **kwargs) - def real_run_ffmpeg(self, input_path_opts, output_path_opts, *, expected_retcodes=(0,)): + def real_run_ffmpeg(self, input_path_opts, output_path_opts, *, prepend_opts=None, expected_retcodes=(0,)): self.check_version() oldest_mtime = min( @@ -342,6 +342,9 @@ class FFmpegPostProcessor(PostProcessor): if self.basename == 'ffmpeg': cmd += [encodeArgument('-loglevel'), encodeArgument('repeat+info')] + if prepend_opts: + cmd += prepend_opts + def make_args(file, args, name, number): keys = [f'_{name}{number}', f'_{name}'] if name == 'o': @@ -857,12 +860,23 @@ class FFmpegMergerPP(FFmpegPostProcessor): return True +class FFmpegCENCDecryptPP(FFmpegPostProcessor): + @PostProcessor._restrict_to(images=False) + def run(self, info): + for filename, key in info.get('__files_to_cenc_decrypt', []): + temp_filename = prepend_extension(filename, 'temp') + self.to_screen(f'Decrypting "{filename}"') + self.run_ffmpeg(filename, temp_filename, self.stream_copy_opts(), prepend_opts=['-decryption_key', key]) + os.replace(temp_filename, filename) + return [], info + + class FFmpegFixupPostProcessor(FFmpegPostProcessor): - def _fixup(self, msg, filename, options): + def _fixup(self, msg, filename, options, prepend_opts=None): temp_filename = prepend_extension(filename, 'temp') self.to_screen(f'{msg} of "{filename}"') - self.run_ffmpeg(filename, temp_filename, options) + self.run_ffmpeg(filename, temp_filename, options, prepend_opts=prepend_opts) os.replace(temp_filename, filename) @@ -934,7 +948,11 @@ class FFmpegCopyStreamPP(FFmpegFixupPostProcessor): @PostProcessor._restrict_to(images=False) def run(self, info): - self._fixup(self.MESSAGE, info['filepath'], self.stream_copy_opts()) + self._fixup( + self.MESSAGE, + info['filepath'], + self.stream_copy_opts(), + ) return [], info