Decrypt Labs

Merry Christmas, everyone 🎄 I’m truly grateful for all of you who’ve stayed with me❤️ Wishing you and your loved ones a wonderful Christmas 🤭 Stay safe and stay blessed✨

Hello everyone, I've been getting a lot of DMs about this, so I want to state this clearly: Yes, I am selling private L1 CDMs! (This isn't new, by the way; I have been doing so since last December:) Regarding L1s, here is what I can offer based on your needs: 🌐 Whitelisted L1 CDMs These are for sites that require a whitelisted L1 for 4K content, such as:

* Movies Anywhere * Now * Google Play / YouTube Movies * Canal+

🔄 Standard L1 CDMs We also provide L1 CDMs for sites that do not have a whitelist requirement, such as:

* DirecTV * Oqee * TrueID * Vodafone * Peacock * SkyShowtime

Basically, if the site you are looking to get content keys from requires an L1 CDM (and is not Netflix), we should be able to provide an L1 CDM that works for you.

Regarding Netflix: Even though I can provide a 4K allowed L1 CDM for Netflix with the necessary ESN for it, I want to note, I will NOT be selling L1 CDMs for Netflix. They get downgraded to FHD/SD way too fast on Netflix (often in mere hours), so it won't be worth it for you. (Yes, even if you have a script with TV login fixed, it will get downgraded almost instantly.)

🛡 Every L1 CDM we offer includes a 3-month or 6-month warranty.😇 If you are interested, message me:- @Zane_Wasley

1. The person in this screenshot has posted this message about 26 hours ago. However, the current L1 CDM was added to the API about 36 hours ago, and it has NOT been revoked yet. Anyone can easily verify this at any moment. Yet this person is claiming otherwise, and what’s more surprising is that some people actually believe it without even testing! 2. To clarify: the CDM I shared here is NOT the one being used in the API. It was never used in any API ever! That CDM is connected to a completely different story. The current L1 in the API has NOT been downgraded. 3. I want to emphasise again that the L1 CDM which is currently used in the API is working perfectly. It has not been revoked anywhere and is not listed as a revoked device in the official DCSL yet. 4. Even though it’s still working, I’ll be adding another CDM with a different System ID to the API within the next hour. This gives everyone enough time to confirm that the CDM I added 36 hours ago is still fully functional, proving that the claims made 26 hours ago were false. The reason I’m adding in a new one is that some services sometimes prefer certain System IDs or Client ID information over some others. Some of you may remember that when the free L1 API was first published 48 hours ago, it used a different System ID than the current one. Just like that, while the current CDM hasn’t been revoked yet, I’ll be swapping it out soon since today is the 3rd day.

There’s still a full day left to use the L1 API:) Also, feel free to share this around because I have a feeling many people still don’t know about it and the 3 days are almost up! If you have any questions, feel free to contact:- https://t.me/ZANE_WASLEY

The above code is taken from the Widevine License Server SDK source codes. In other words, it’s code that actually runs on Widevine license servers. You can probably understand what’s happening just by looking at it. Google provides Widevine licensees with a separate API for reporting license requests they believe to be fraudulent. This process can even be automated if the provider chooses to do so. What does this mean? It means that almost all license servers absolutely can (and already do) report CDMs that are involved in suspicious or poorly constructed license requests. There are countless ways for a license server to determine whether a request is legitimate or not. Not all license servers monitor this actively but some definitely do. I think it’s worth highlighting, because it’s rarely talked about. Provisioning an L1 correctly is only the first step. If your requests are not properly structured, they will be able to identify your CDM. So if you have your own L1, be very careful with how you use it. Always make sure your requests match a legitimate client’s behavior 1:1 in every way possible. Anyways here is that previously L1, now downgraded to L3 CDM.

~Story time~ Some of you guys might remember that I said the below, for a L1 CDM which was used with DirecTV:

Fun fact: This L1 has now been downgraded to L3. It is crazy that they downgraded it instead of revoking it. What is even more crazier is that me being the reason for a whole line of device's System ID downgrade. 😅 (I assume the whole system id is now downgraded because I don't think that they can just downgrade an individual keybox's security level. I will verify that later.) I suspect the reason is because DirecTV or it's license server has reported it to Google because one user had done over 22K license requests using it.

That CDM, which had the System ID 8131, eventually got published everywhere. So the summary is: I said that Google downgraded an entire System ID just because one L1 provision was overused on DirecTV. I also said DirecTV might be monitoring CDMs. Well, guess what? It happened again! A few months ago, I gave one of my friend an L1 CDM to use just with DirecTV. Recently, I found out that Google downgraded the entire System ID of that CDM again! Just because it was used on DirecTV!! How do I know DirecTV was the reason? The System ID of that CDM was 12063; those who know, know that it’s a kind of a rare System ID. So the fact that it got downgraded exactly when it was being used on DirecTV is definitely NOT a coincidence. Still don’t believe me? Check this out:

  public byte[] reportFraudulentDevice(
      String licenseRequest,
      @Nullable String clearClientId,
      @Nullable String userAgent,
      @Nullable String reason)
      throws InterruptedException, IOException {
    ReportFraudLevelRequest request =
        createReportFraudLevelRequest(
            this.provider, licenseRequest, clearClientId, userAgent, reason);
    ManagedChannel channel = createRpcChannel(FRAUDULENT_API_SERVICE_PATH);
    try {
      return reportFraudulentDeviceWithChannel(channel, request);
    } finally {
      closeRpcChannel(channel);
    }
  }

  // Construct the ReportFraudLevelRequest.
  static ReportFraudLevelRequest createReportFraudLevelRequest(
      String provider,
      String licenseRequest,
      @Nullable String clearClientId,
      @Nullable String userAgent,
      @Nullable String reason) {
    RequestMetadata.Builder requestMetadata = RequestMetadata.newBuilder().setProvider(provider);
    if (userAgent != null) {
      requestMetadata.setUserAgent(userAgent);
    }
    LicenseRequestInfo.Builder licenseRequestInfo =
        LicenseRequestInfo.newBuilder()
            .setRequestMetadata(requestMetadata.build())
            .setLicenseRequest(ByteString.copyFrom(Base64.getDecoder().decode(licenseRequest)));
    if (clearClientId != null) {
      licenseRequestInfo.setClearClientId(
          ByteString.copyFrom(Base64.getDecoder().decode(clearClientId)));
    }
    ReportFraudLevelRequest.Builder request =
        ReportFraudLevelRequest.newBuilder()
            .setFraudLevel(
                FraudLevel.newBuilder().setFraudScore(FraudLevel.FraudScore.FRAUD_SCORE_CRITICAL))
            .setLicenseRequestInfo(licenseRequestInfo.build());
    if (reason != null) {
      request.setReason(reason);
    }
    return request.build();
  }

  private byte[] reportFraudulentDeviceWithChannel(
      ManagedChannel channel, ReportFraudLevelRequest request) throws IOException {
    logger.log(Level.INFO, "Reporting fraudulent device...");
    FraudDetectionAndReportingServiceGrpc.FraudDetectionAndReportingServiceBlockingStub
        blockingStub =
            FraudDetectionAndReportingServiceGrpc.newBlockingStub(channel)
                .withInterceptors(MetadataUtils.newAttachHeadersInterceptor(createMetadata()));
    ReportFraudLevelResponse response = blockingStub.reportFraudLevel(request);
    logger.log(
        Level.INFO,
        "GRPC Call to report fraud returned:\n" + TextFormat.printer().printToString(response));
    return response.toByteArray();
  }

Since many people are asking for Netflix, here is the ESN of the currently used CDM in the API: HISETVK84500000000000000000000000007401422 As for the other questions: Yes. It should work for licensing the maximum qualities offered by the platforms: DirecTV, NowTV, Canal+, Oqee, Peacock, SkyShowTime, Optus, Fubo etc...

Most of you probably already know how to use the above API key. If you don’t, no worries; I’ve got you! 🌐 Here’s a quick breakdown on how to use the API 🧑‍💻 Base API URL:

https://keyxtractor.decryptlabs.com

Required API Header:

decrypt-labs-api-key: decrypt_labs_special_ultimate

🔰 For generating the license request (/get-request) :-

POST to: https://keyxtractor.decryptlabs.com/get-request

Request Payload: 
{
  "scheme": "L1",                        // Only use "L1"
  "service": "generic",                  // Name or URL/domain of the service/platform/site you want to get keys of.
  "init_data": "<Base64 PSSH>",          // The PSSH (init) data.
  "service_certificate": "<Base64 cert>",// Base64 encoded service certificate
  "get_cached_keys_if_exists": true      // Would be always True for the DRM scheme "L1"
}

🔀 Possible Responses: • The response may be in one of two formats:

Case 1 – Challenge Response Format:

{
  "message": "<response-status>",      // Returns "success" upon a succesful license request generation else "failed"
  "message_type": "license-request",   // The type of the returned response.
  "challenge": "<challenge string>",   // The generated license request challenge (Base64 encoded)
  "session_id": "<session-id-string>", // Session identifier
  "scheme": "L1"
}

Case 2 – If cached keys are already available for the requested content:
{
  "message": "success",
  "message_type": "cached-keys",
  "cached_keys": [
    {
      "kid": "...",
      "key": "...",
      "title": "...",
      "time_added": "...",
      "pssh": "...",
      "page_url": "...",
      "manifests": "...",
      "decryption_method": "..."
    },
    {
      <The above structure will get repeated for each key if there is more than one key for the content>,
    },
  ]
}

🔰 Decrypting the license response and getting keys (/decrypt-response) :-

POST to: https://keyxtractor.decryptlabs.com/decrypt-response

Request Payload:
{
  "scheme": "L1",                                 // Must be "L1"
  "session_id": "<session-id>",                   // From /get-request
  "init_data": "<Base64 PSSH>",                   // Same init_data used before
  "license_request": "<Base64 challenge>",        // From /get-request
  "license_response": "<Base64 license response>" // The license from the licence server in Base64 format
}

🔀 Response:

Response Format:
{
  "message": "success",                                        // Returns "success" upon a succesful license decryption else "failed"
  "keys": "--key kid1:key1\n--key kid2:key2...",  // The content keys.
  "scheme": "L1"
}

I know some of you might be wondering… “Wait, did Zane forget the gift?” 🎁 Well… it took a little time to prepare, and maybe some of you already had a hunch about what’s coming… And here we go… enjoy! 😎 🔥 Presenting to you: ✨ Decrypt Labs KeyXtractor Ultimate Plan – L1 API 💫

🔐 API Key: decrypt_labs_special_ultimate

🎆 As you may remember, Decrypt Labs turned 3 years yesterday. So for the next 3 days it’s all yours. Go wild! 😉

🙊 Decrypt Labs turns 3 today! 🎂

Happy anniversary, everyone! 🎉🥰 We’ve got a lot of exciting things planned for the future… but first, do you guys want a gift? 😉❤️

4️⃣🔜 🚩🚩🚩🚩🚩🚩🚩🚩 🔤🔤🔤🔤 🍓ChromeCDM, SL2000, SL3000, L2, L1—this plan covers it all. 🤩

The Ultimate Plan is designed for true power users who need unrestricted access to every DRM layer across Widevine and PlayReady👻

💃 Whether you're exploring compatibility with L1/L2 environments or working with platforms that gatekeep 4K behind exclusively those security levels—this is your all-in-one solution.🎉 You’ll get access to: 1️⃣ Everything in the Elite Plan 2️⃣ Access to L2/L1 Decryption

Need keys from services that don’t support PlayReady but lock higher qualities behind Widevine L1? No problem. This plan gives you access to real L1/L2 CDMs so you can go beyond the limitations of L3 and PlayReady based solutions. Whether you're testing L1 for your service or just chasing the best video quality—it’s all possible here.🎀

Supported DRM + Security Levels: • Widevine (via ChromeCDM) → L3 (Extension, API, Vinetrimmer, Scripts) • Widevine → L2 (API) • Widevine → L1 (Extension [on selected sites, see below], API, Vinetrimmer, Scripts) • PlayReady → SL2000 (API, Vinetrimmer, Scripts) • PlayReady → SL3000 (Extension, API, Vinetrimmer, Scripts) • Clearkey (Extension only) Supported Qualities on Popular Platforms: The Ultimate Plan supports 4K across each and every platform, with a few exceptions:

• Netflix (1080p only) • MoviesAnywhere – 4K might work, but not guaranteed • DirecTV – Support for DirecTV HD has been removed from this plan. DM for solutions.

🍍Extension note: Quality limits when using the extension stay the same as in the Elite Plan, except: ▫️Max/Oqee/TrueID – Would support up to 1080p via the extension, unlike in earlier plans.

3️⃣🔜 🚩🚩🚩🚩🚩 🔤🔤🔤🔤 ☀️ If you're the kind of user who wants everything at the highest quality—no compromises—the Elite Plan is what you’re looking for. 4K across almost all services? Yep, this is for you☺️ You’ll get access to: 1️⃣ Everything in the Pro Plan 2️⃣ Access to SL3000 Decryption

Elite plan unlocks SL3000 PlayReady decryption, enabling key extraction of the highest possible quality streams (including 4k) from almost all major platforms⭐️

Supported DRM + Security Levels: • Widevine (via ChromeCDM) → L3 (Extension, API, Vinetrimmer, Scripts) • PlayReady → SL2000 (API, Vinetrimmer, Scripts) • PlayReady → SL3000 (Extension [on Windows Edge browsers only], API, Vinetrimmer, Scripts) • Clearkey (Extension only) Supported Qualities on Popular Platforms: With this plan, you’ll be able to get keys up to maximum available qualities (including 4K) on nearly all services—using the API or Vinetrimmer🙃

⚠️ Exceptions where 4K is NOT possible with this plan are: • Netflix (1080p only) • MoviesAnywhere (720p only) • SkyShowTime (requires L1 for UHD) • Oqee (requires L1 for HD) • TrueID (requires L1 for HD) • DirecTV (requires L1 for HD)

🍍Extension note: Quality limits when using the extension stay the same as in the Pro Plan, except: ▫️Canal+ (FR/PL), Videoland – Would support up to 1080p via the extension, unlike in earlier plans. [on Windows Edge browsers only]

2️⃣🔜 🚩🚩🚩 🔤🔤🔤🔤 ⭐️The Pro Plan is built for professional users who know their way around DRM workflows and want more control and automation. 🥰 You’ll get access to: 1️⃣ Everything in the Basic Plan 2️⃣ Decrypt Labs – KeyXtractor API

Our KeyXtractor API is a raw, script-ready API built for automation. Whether you’re running your own tools or building custom DRM scripts, the API gives you direct access to DRM key extraction for both Widevine and PlayReady.🚶‍♀️

How it works: 🍴To use it, you’ll need to already have (or create) scripts for extracting keys or downloading content. If you’re familiar with CLI-based tools, you’ll find it easy to plug the API into your existing setup☺️

3️⃣ Decrypt Labs – Cached Keys Vault

The Cached Keys Vault is our MASSIVE, auto-updating database of extracted keys from all around the world😇 Every time any of our users extracts a key, it gets logged here (if cacheable). So if you have a KID or PSSH, but don’t want to—or can’t—run a full license request, just search the vault👩‍💻 No guarantees the key will be there, 🥱but chances are good—especially for popular content.

Bonus: An integration with our cached keys vault + o11 would also be provided to our users with this plan.🤗 4️⃣ Pre-Made Downloading Scripts • Vinetrimmer • Other community-built scripts with KeyXtractor API already integrated

Vinetrimmer is a command-line utility that handles the entire pipeline: from fetching to decrypting to saving DRM-protected videos in just a few steps. It’s smart, flexible, and efficient. You can: ➡️Select video qualities, profiles, bitrates ➡️Choose audio/subtitle languages and formats ➡️Download content from a pre-defined list of supported services 💻Works best on Windows, but can be adapted for Linux/macOS with some tweaks. 🔗 Full list of supported services for Vinetrimmer: https://t.me/DecryptLabs/141

Note: Vinetrimmer and other scripts are not official Decrypt Labs tools. We don’t provide direct support for them, but our community group will always be open if you need help or have questions☺️ Supported DRM + Security Levels: • Widevine (via ChromeCDM) → L3 (Extension, API, Vinetrimmer, scripts) • PlayReady → SL2000 (Extension [on Windows Edge browsers only], API, Vinetrimmer, scripts) • Clearkey (Extension only) Supported Quality on Popular Platforms:

Notable supported qualities on some major sites via the pro plan: • Max – 4K (API, Vinetrimmer) • Netflix / Amazon / Hulu / Apple TV+ / iTunes / Peacock / SkyShowTime– 1080p (API, Vinetrimmer) • NowTV – 1080p (API, community scripts) • Discovery+ – 1080p (API) • Disney+ – 720p (API, Vinetrimmer) • Canal+ PL VOD – 1080p (API) • Canal+ PL Live / FR VOD / FR Live – 720p (API)

🍍 Extension note: When using the Extension, supported qualities remain the same as in the Basic Plan.

Need just L3s or SL2000s? Perhaps the ChromeCDM? Or maybe even L1s, L2s, or SL3000s? ☺️ 👻Look no more! You’ve come to the right place :) We’ve got almost everything you could need—or even think of—in the DRM space. 🎉There are 4 subscription plans we currently offer, effective from 20th May 2025: Basic, Pro, Elite, and Ultimate. 1️⃣🔜 🚩🚩🚩🚩🚩 🔤🔤🔤🔤 🌻 If you’re looking to quickly and effortlessly extract keys and links while watching DRM-protected videos in your browser, this plan is made just for you. 🥰 You’ll get access to: • Decrypt Labs - KeyXtractor Extension🍒

The KeyXtractor Extension is a powerful browser add-on that works across Linux, macOS, and Windows. It extracts DRM keys and links from any website that plays DRM-protected content using Widevine, PlayReady, or Clearkey.

How it works: Simply visit a site and play a DRM video with the extension enabled. You’ll see the decryption keys and manifest links appear right in front of you. From there, you can use tools like N_m3u8DL-RE to download and decrypt the content. 💃More details: https://t.me/DecryptLabs/135

Why it’s better than free tools: Unlike free solutions, our extension uses ChromeCDM, the actual Content Decryption Module your browser uses😎That means: • No need to recreate/replace license requests • No messing with headers or proxies • No guesswork If any DRM video plays in your browser, you will get the keys of it. It’s that simple.

Supported DRM + Security Levels: • Widevine (via ChromeCDM) → L3 • PlayReady → SL2000 [on Windows Edge browsers only] • Clearkey Supported Qualities on Popular Platforms: Under the basic plan, you will get keys and links for the default qualities that is served to your browser by the services.

Notable supported qualities on some major sites via the basic plan: • Netflix / Amazon – 1080p • NowTV / Discovery+ / Max – 720p (sometimes 1080p) • Apple TV+ / iTunes – 540p • Canal+ PL VOD – 1080p • Canal+ PL Live, Canal+ FR VOD/Live – 720p

Lying much? Please check the keys that your stupid bot spits out Mike: https://discord.com/channels/1310081781604552764/1373581299583025344/1374255290215829586

KID:48656c6c6f204d696b652c205a616e65 | KEY:20686572652e20596f75207265616c6c
KID:792068617665206e6f207368616d652c | KEY:20646f20796f753f2049e28099766520
KID:7365656e2065766572797468696e6720 | KEY:796f7520736169642061626f7574206d
KID:6520616e64204f48204d5920474f442c | KEY:206a7573742072656164696e6720796f
KID:7572206d65737361676573206d616465 | KEY:206d65206372696e676520696e746f20
KID:616e6f746865722064696d656e73696f | KEY:6e2e20492067656e75696e656c792064
KID:69646ee28099742077616e7420746f20 | KEY:6172677565207769746820796f752c20
KID:6265636175736520696620796f757220 | KEY:627261696e206576656e2063616d6520
KID:636c6f736520746f204154204c454153 | KEY:54206576656e2054656c6c79e2809973
KID:206c6576656c2c206d61796265206974 | KEY:20776f756c64e280997665206265656e
KID:20776f7274682069742e20427574206f | KEY:6e20676f642c20796f75722073747570
KID:696469747920697320696e2061206c65 | KEY:61677565206f6620697473206f776e2e
KID:204576656e206166746572206c65616b | KEY:696e672065766572797468696e672c20
KID:796f75207374696c6c20686164207468 | KEY:6520617564616369747920746f206372
KID:6561746520736f6d65206c616d652d61 | KEY:737320626f74207573696e67206d7920
KID:4150493f20446f20796f757273656c66 | KEY:2061206661766f757220616e64206b65
KID:657020796f7572207374757069642061 | KEY:7373207468652068656c6c2061776179

I have added a nice encoded message for you;:)