Widevine Download Helper++ - Additional Information
This Tampermonkey/Violentmonkey userscript assists in extracting Widevine Content Decryption Module (CDM) information needed for potential decryption purposes. It automatically detects and displays the PSSH (Protection System Specific Header Data), License URL, associated Request Headers, and often the MPD (Media Presentation Description) URL directly on the webpage via a convenient floating popup.
Based on: This script is a modification and enhancement of the original EME Logger by cramer, significantly extended by TheGuy007.
Disclaimer: This tool is intended for educational purposes, security research, or for making legitimate personal backups of content you own or have the rights to access. Using this script to circumvent copyright protection on content you do not own may be illegal in your country and violates the terms of service of most streaming providers. Use responsibly and ethically.
---
Key Features
- Automatic Data Detection: Intercepts browser communications to find:
  - PSSH: Captured from the EME `generateRequest` call.
  - License URL: Detected by scanning network requests (Fetch/XHR) for common keywords (`widevine`, `license`, etc.).
  - Request Headers: Captures the HTTP headers sent with the license request, often crucial for authentication.
  - MPD URL: Attempts to find the manifest URL (usually ending in `.mpd`) from network requests.
- Floating Popup UI: Displays the captured data in a discreet, always-on-top window on the page.
- Selective Activation: IMPORTANT: The popup only appears on websites you explicitly allow ("remember") via the Tampermonkey menu, preventing it from running unnecessarily on every site.
- Click-to-Copy: Simply click on the PSSH, License URL, Headers (formatted as JSON), or MPD URL in the popup to copy the value directly to your clipboard. A "Copied!" confirmation appears briefly.
- Collapsible UI: Click the popup title to minimize it to a small dot, reducing screen clutter. Click the dot to expand it again.
- Send to cdrm-project API: Includes a button ("Send to API") that appears once PSSH, License URL, and Headers are detected. Clicking this sends the data to the `cdrm-project.com` API to attempt key retrieval. (See notes below)
- API Response Display: Shows the response received from the cdrm-project API directly in the popup. If the response contains keys or a message, it becomes clickable to copy.
- Help Button & Instructions: If the script doesn't find the License or MPD URL after a short delay (10 seconds), a '?' button appears. Clicking it shows brief instructions on how to manually find the data using browser developer tools (F12).
- Scrollable Content: The popup content area scrolls if the data (especially headers) is lengthy.
- Detailed Console Logging: Provides informative messages in the browser's developer console (F12) about its actions, detections, and any errors encountered.
- Site Management Commands: Easily manage the list of allowed sites via the Tampermonkey extension icon menu:
  - `Remember "[hostname]" for Popup`: Adds the current site.
  - `Forget "[hostname]" for Popup`: Removes the current site.
  - `Clear All Remembered Sites`: Removes all sites from the list.
---
How it Works
- Interception: The script runs at `document-start` to install "hooks" into the browser's core functions related to media playback and network requests before the page fully loads them. Specifically, it proxies:
  - `MediaKeySession.prototype.generateRequest`: To grab the initialization data (which contains the PSSH).
  - `window.fetch`: To inspect network requests made using the Fetch API.
  - `XMLHttpRequest.prototype.open`, `setRequestHeader`, and `send`: To inspect network requests made using XHR.
- Keyword Matching: It examines the URLs of intercepted network requests, looking for keywords like `widevine`, `license`, `licence`, `getlicence`, `auth` to identify the potential license acquisition request, and `mpd` for the manifest file.
- Data Storage: Once potential candidates are found, it stores the PSSH (Base64 encoded), License URL, associated Request Headers (as a JSON object), and MPD URL in internal variables.
- UI Display: If the current website's hostname is in the user-managed "allowed sites" list (stored using `GM_setValue`), the script creates and displays the floating popup UI. It dynamically updates the fields in the popup as data is captured.
- API Interaction: When the "Send to API" button is clicked, it uses `GM_xmlhttpRequest` (necessary for cross-domain requests from a userscript) to send a POST request containing the PSSH, License URL, and Headers (as a JSON string) to the specified `cdrm-project.com` endpoint. The response is then displayed.
---
How to Use
1. Install Userscript Manager: Make sure you have a userscript manager extension installed in your browser (e.g., Tampermonkey or Violentmonkey).
2. Install Script: Install the "Widevine Download Helper+++" script.
3. Navigate to Target Site: Go to the website containing the Widevine-protected video you want to analyze.
4. Remember the Site:
* Click the Tampermonkey (or Violentmonkey) extension icon in your browser toolbar.
* Find "Widevine Download Helper+++" in the list of running scripts.
* Click on `Remember "[current website hostname]" for Popup`.
* A confirmation alert will appear.
* Reload the page (F5 or Ctrl+R/Cmd+R). This is crucial for the script to activate fully on the now-remembered site.
5. Play the Video: Start playing the protected video content. This usually triggers the license request needed by the script.
6. Observe the Popup: The "Widevine Helper +++" popup should appear (usually in the top-right corner). Watch as the fields ("PSSH:", "License URL:", "Headers:", "MPD url:") populate. They will initially say "Waiting...".
* If data doesn't appear after starting playback: Check the Developer Console (F12 -> Console tab) for logs or errors from the script. You might need to interact with the player more (e.g., seek, change quality) or try the manual steps via the Help ('?') button if it appears.
7. Copy Data: Once a value (like PSSH or License URL) appears and is no longer "Waiting...", click directly on the value text within the popup. It will be copied to your clipboard, and a temporary "Copied!" message will show. The headers are copied as a minified JSON string.
8. (Optional) Use API: If/When the PSSH, License URL, and Headers fields are all populated, the "Send to API" button will become visible and enabled.
* Click the button to send this data to `cdrm-project.com`.
* The button will disable, and a "Sending request..." message will appear below it.
* Wait for the response. The result (success message with keys, error message, etc.) will be displayed in the area below the button.
* If the response contains useful text (like decryption keys), the response text itself will become underlined and clickable to copy.
9. Manage Sites: Use the Tampermonkey menu commands (`Forget "[hostname]"...`, `Clear All Remembered Sites`) as needed to control where the script's popup appears. Remember to reload the page after forgetting a site for the change to take effect.
10. Use UI Features: Click the title bar to collapse/expand the popup. Click the '?' button (if it appears) for manual detection hints.
---
Important Notes & Considerations
* cdrm-project API: This script integrates with a specific third-party service (`cdrm-project.com`).
* The availability, reliability, and functionality of this external API are **not guaranteed** by the script author. It may go offline, change, or require authentication in the future.
* Sending data (PSSH, License URL, Headers) to this service means sharing potentially sensitive information. Understand the implications before using the "Send to API" button. Headers, in particular, might contain session cookies or tokens.
* Detection Isn't Perfect: While the script tries common keywords, some websites use non-standard URLs or complex methods for license requests. Automatic detection might fail on certain sites. The manual steps (via the Help button or general F12 Network tab inspection) are the fallback.
* No Downloads: This script *only* helps extract the necessary *data* (PSSH, license URL, headers, keys via API). It **does not** download the video/audio content itself. You would typically use this data with other tools (like `yt-dlp`, N_m3u8DL-RE, etc.) configured appropriately.
* Headers Format: The script displays headers formatted as pretty-printed JSON for readability but copies them as a standard, single-line JSON string suitable for pasting into other tools or configuration files.
* Updates: The `@downloadURL` and `@updateURL` are set to `none`. You will need to manually check for and install updated versions of this script if they become available.
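The note above about headers carrying session cookies or tokens, as an added example (not part of the script or of the cdrm-project API): a check that flags which captured headers hold credentials and builds a redacted copy before anything is copied or shared with a third party. The header names and values in `sampleHeaders` are constructed, and the name/value heuristics are assumptions, not an exhaustive list.

```javascript
// Added example: audit captured license-request headers for credentials.
// All sample header names and values below are constructed.
const CREDENTIAL_NAMES = /^(authorization|proxy-authorization|cookie|set-cookie)$/i;
const TOKEN_NAME_HINT = /(token|session|auth|api[-_]?key|secret|jwt|csrf)/i;
const JWT_VALUE = /\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*/;
const AUTH_SCHEME_VALUE = /^(bearer|basic)\s+\S+/i;

// Returns the headers that look credential-bearing (with the reason)
// and a copy of the header object with those values replaced.
function auditHeaders(headers) {
  const findings = [];
  const redacted = {};
  for (const [name, rawValue] of Object.entries(headers)) {
    const value = String(rawValue);
    let reason = null;
    if (CREDENTIAL_NAMES.test(name)) reason = 'credential header';
    else if (JWT_VALUE.test(value)) reason = 'value looks like a JWT';
    else if (AUTH_SCHEME_VALUE.test(value)) reason = 'value carries an auth scheme';
    else if (TOKEN_NAME_HINT.test(name)) reason = 'name suggests a token';

    if (reason) {
      findings.push({ name, reason });
      redacted[name] = '[REDACTED]';
    } else {
      redacted[name] = value;
    }
  }
  return { findings, redacted };
}

// Constructed sample of what a captured header object might contain.
const sampleHeaders = {
  'Content-Type': 'application/octet-stream',
  'Authorization': 'Bearer CONSTRUCTED-EXAMPLE-TOKEN',
  'X-Session-Id': 'constructed-session-1234',
  'X-Custom-Data': 'eyJhbGciOiJub25lIn0.eyJzdWIiOiJleGFtcGxlIn0.',
  'Accept': '*/*',
};

const report = auditHeaders(sampleHeaders);
console.log(JSON.stringify(report, null, 2));
```

Any header listed in `findings` identifies the logged-in account to whoever receives it, so treat the unredacted JSON the popup copies as a credential.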
---
Troubleshooting
* Popup Doesn't Appear:
* Did you "Remember" the site using the Tampermonkey menu?
* Did you reload the page after remembering the site?
* Is the script enabled in Tampermonkey?
* Check the Developer Console (F12) for errors.
* Data Fields Remain "Waiting...":
* Did you start playing the video? Sometimes the license isn't requested until playback begins.
* The site might use methods the script doesn't detect. Try the manual steps (check Network tab in F12, filter for "license", "widevine", "mpd").
* Check the Developer Console (F12) for script errors.
* "Send to API" Button Doesn't Appear: The script needs to successfully capture PSSH, License URL, *and* Headers before the button shows up. If one is missing, the button remains hidden.
* API Call Fails/Times Out: The external `cdrm-project.com` service might be down, slow, or blocking requests. Check the API response area in the popup and the Developer Console for details. Network issues can also cause timeouts.
* Conflicts: Other extensions or userscripts might interfere. Try disabling others temporarily.