jails Can the Linux emulation mechanism written for FreeBSD supports different layers than the Ubuntu one ?

ziomario said:
… I can reproduce the DRM protected content using this video codec instead of the Widevine codec : OpenH264 Video Codec provided by Cisco Systems, Inc.
Click to expand...

Years ago, I confused myself with Netflix playback without Widevine. Netflix, or it might have been Amazon, right now I'm not sure. It took a long time (months) for me to realise how it worked. ziomario I'll send an explanation in Reddit chat.
 
I find very odd that Widevine is not included with Firefox. It seems a monopolistic choice. Since firefox is an open source browser and chrome is not ? there are commercial choices behind ? Firefox freezes on the message below. I mean,it seems that it is trying to install the appropriate components to reproduce the amazon prime content,but it's not.

Screenshot_2022-03-03_11-03-17.jpg
 
ziomario said:
I find very odd that Widevine is not included with Firefox
Click to expand...
Widevine is not open source. Is it really that hard to understand? On Windows (probably MacOS too) Firefox does have Widevine.

ziomario said:
Since firefox is an open source browser and chrome is not ?
Click to expand...
Chrome isn't open source, chromium is. There is a difference here.

ziomario said:
there are commercial choices behind ?
Click to expand...
You have to get your product certified in order to get Widevine at a certain level. Devices like the NVidia Shield TV for example have L1 Widevine certification and can therefor play DRM protected content at UHD (4K) resolutions.

indianexpress.com

Widevine DRM: What it is and what version does your phone support?

Here's all you need to know about Widevine DRM certifications and how to identify the Widevine security level of your phone.
indianexpress.com indianexpress.com
 
ziomario said:
… Firefox freezes on the message below. …
Click to expand...

I guess, that's Firefox for Linux, yes?

(Not www/firefox for FreeBSD.)

ziomario said:
… odd that Widevine is not included …
Click to expand...

These few pages explain Mozilla's rationale, and the implementation:
  • {link removed} (2016-04-08, discussion {link removed})
  • {link removed} (2015-12-05) in particular "… a hard decision because of our Mission and the closed nature of DRM. …"
  • {link removed}
Mozilla balanced the people's requirement to use Firefox for DRM-protected content with the people's requirement to not include Widevine.
 
Last edited:
Browsers need to support EME or you can't use that Widevine plugin at all.

The thing about these DRM plugins is that they need to have a "secure" path between receiving the data and rendering it. At no point in that chain should it be possible to "hook" some other function in the execution path of that data. Regular encoder plugins (like H264 for example) don't require this, all they do is decode some input stream and let the browser take care of the rendering.
 
So,ok. I've fired up Firefox on Linux and I tried to watch the amazon prime movie that I tried to watch before using Firefox with the Linuxulator and boom : I can watch it,no errors happens. I did nothing special. It worked out of the box. So,what ? is it the Linuxulator that does not work well ?
 
ziomario said:
… Firefox frozen here :

"Firefox is installing components needed to play the audio or video on this page. Please try again later."
Click to expand...



ziomario said:
… is it the Linuxulator …
Click to expand...

If retrying never succeeds – if the reported installation of components is endless – then it may be that Firefox can't get exactly what's required from your current environment. Which Linux are you using at the moment?

<{link removed}> showed firefox-77.0.1+build1-0ubuntu0.18.04.1 working on amd64 with Ubuntu 18.04.4 LTS on FreeBSD 13.0-CURRENT since r367288 (<{link removed}>, 2020-11-03). No mention of Widevine, it's not the type of test that I would have expected, so it's possible that it worked but not with Widevine.


For what it's worth, I vaguely recall the endless installation effect with some versions of Waterfox (not on FreeBSD).

Not quite the same, <{link removed}> in 2018:
  • apparently "will be installed shortly"
  • reportedly worked around by unblocking redirector.gvt1.com.
 
Last edited:
A couple of pages that people might find useful for testing DRM:
  • {link removed} (can't be tested without signing in, as far as I can tell)
  • {link removed} (the publicly accessible trailer presents a Digital Rights Error in the absence of what's required).
 
Last edited:
I'm realizing that the linuxulator is really fragile. Without "touch" it,I always see different errors and it stops working suddendly. Today the error that prevents its correct working is the following :

Code: 
marietto@marietto:/usr/home/marietto $ /compat/linux/usr/bin/firefox

XPCOMGlueLoad error for file /compat/linux/usr/lib/firefox/libxul.so:
libdbus-glib-1.so.2: cannot open shared object file: No such file or directory
Couldn't load XPCOM.

even chrome stopped working and Im sure that I didn't modify anything from the last time I ran chrome.

Code: 
marietto@marietto:/usr/home/marietto $ /compat/linux/bin/chrome
/compat/linux/bin/chrome: line 9: /opt/google/chrome/chrome: No such file or directory

Honestly I'm tired to play with it.
 
eh eh eh, thanks. Your help is for sure appreciated,but you have also confirmed that its hard to read the old messages.
 
SirDice said:

Trusted execution environment - Wikipedia

en.wikipedia.org en.wikipedia.org

Besides being used for DRM it is also quite useful for encryption algorithms (which is what DRM basically is).
Click to expand...

I know.

Software Guard Extensions - Wikipedia

en.wikipedia.org en.wikipedia.org

More general resources you can find on TEE-reversing github. It compiles information/works across the platforms.

What I was getting on, even if software is perfect (which it isn't), hardware could be poked, disassembled, chips can be passively monitored for reverse engineering purpose on a micro-level, etc. I just firmly believe that everything is crackable provided enough time and resources. Even if the hardware protections are in the chip itself.

If these kind of 'execution environments' were bulletproof there would be no problem of exporting sensitive technology.
 
grahamperrin said:




If retrying never succeeds – if the reported installation of components is endless – then it may be that Firefox can't get exactly what's required from your current environment. Which Linux are you using at the moment?

<https://wiki.freebsd.org/LinuxApps> showed firefox-77.0.1+build1-0ubuntu0.18.04.1 working on amd64 with Ubuntu 18.04.4 LTS on FreeBSD 13.0-CURRENT since r367288 (<https://cgit.freebsd.org/src/commit/?id=443d8a07dfa3fdd4379b4aac5f76700309d0a454>, 2020-11-03). No mention of Widevine, it's not the type of test that I would have expected, so it's possible that it worked but not with Widevine.


For what it's worth, I vaguely recall the endless installation effect with some versions of Waterfox (not on FreeBSD).

Not quite the same, <https://github.com/WaterfoxCo/Waterfox/issues/316#issuecomment-396678424> in 2018:
  • apparently "will be installed shortly"
  • reportedly worked around by unblocking redirector.gvt1.com.
Click to expand...

ok,I've fixed the previous firefox error. It had been uninstalled by something. Yes,exactly. retrying never work. I'm using Firefox 75 for Ubuntu and :

Linux marietto 3.17.0 FreeBSD 13.0-RELEASE #5 n244809-dff3dead3734: Wed Feb 23 13:16:3 x86_64 x86_64 x86_64 GNU/Linux.

I've waited some time and the mystery has been revealed :

Screenshot_2022-03-03_22-38-33.jpg


but I can see the Widevine addon present on Firefox and it is set to "always enabled" :

wScreenshot_2022-03-03_22-40-32.jpg


pluginGeneric.svg


this is the version used by Firefox :

Widevine Content Decryption Module provided by Google Inc.​



This plugin enables playback of encrypted media in compliance with the Encrypted Media Extensions specification. Encrypted media is typically used by sites to protect against copying of premium media content. Visit https://www.w3.org/TR/encrypted-media/ for more information on Encrypted Media Extensions.



Version 4.10.1582.2

Last Updated March 3, 2022

Homepage https://www.widevine.com/
 
At {link removed} the table of HTML5 browsers shows the ones for which Widevine is modular.

eric81 said:
… people reported to watch Netflix with such installed browsers. …
Click to expand...

As far as I can tell (some ambiguity), the module is:
  • installable after installing Brave
  • preinstalled with Google Chrome
  • preinstalled with Microsoft Edge
  • installable after installing Vivaldi.
{link removed} "… must be explicitly installed …"

{link removed} "… The plugin should be installed in your Chrome web browser regardless of whether you want it or not.…"

<{link removed}> "The enable/disable links are already removed …"

<{link removed}> "… Microsoft Edge supports Widevine by Google DRM and the option is on by default. …"

{link removed} "… Installing Widevine …"

{link removed} "… widevine codec. This can be installed …"


<{link removed}>
 
Last edited:
Zare said:
I know.

Software Guard Extensions - Wikipedia

en.wikipedia.org en.wikipedia.org

If these kind of 'execution environments' were bulletproof there would be no problem of exporting sensitive technology.
Click to expand...
The funny thing about SGX is that Intel just is not putting that stuff of in their 11 and 12th generation CPUs any longer. It's gone, without any replacement.

Which is a problem for people who want to view DRMed bluray discs on their computer, because the Bluray association demands the existence of SGX on computer hardware as hard requirement to be able to play such bluray discs. Cyberlink, one of the biggest maker of disc playing software, advises people if they want to be able to view bluray on a PC to stick with 10th generation CPUs, period.

Talking about Widevine: this is a proprietary DRM decoding component by Google. There are different levels of trust, which can be en- and disabled by Google. As consequence of the trust level, it will decode only a certain range of resolutions. The lower the trust, the worse the resolution it will show you.

Aside that nobody really knows how this library checks if it is running within supported hardware or is embedded within supported software stacks like Firefox, or not. This means that even if it runs under Linuxulator, nobody knows before testing if it will check the underlying OS, and try to figure out if it is running virtualized/on top of a emulation layer, and if so, how it will react to that fact. So for better or worse it's a black box, which is the intention of most DRM stuff anyway.

It doesn't come prepackaged with Firefox because this would be against the GPL license, under which Firefox is being made. In order to be GPL compliant that library would need to be opensourced.

To sum it up: poking around with Widevine under FreeBSD might be an interesting experiment if for you it is all about if you want to check how far you can go and where the limits are.

If you really though just want to watch Netflix and other streaming services, which are based on Widevine, then it's much easier to just use a device for which widevine has been officially certified, or software with corresponding operating system. In terms of Firefox this means Windows, MacOS, Linux.
 
hardworkingnewbie said:
The funny thing about SGX is that Intel just is not putting that stuff of in their 11 and 12th generation CPUs any longer. It's gone, without any replacement.

Which is a problem for people who want to view DRMed bluray discs on their computer, because the Bluray association demands the existence of SGX on computer hardware as hard requirement to be able to play such bluray discs. Cyberlink, one of the biggest maker of disc playing software, advises people if they want to be able to view bluray on a PC to stick with 10th generation CPUs, period.

Talking about Widevine: this is a proprietary DRM decoding component by Google. There are different levels of trust, which can be en- and disabled by Google. As consequence of the trust level, it will decode only a certain range of resolutions. The lower the trust, the worse the resolution it will show you.

Aside that nobody really knows how this library checks if it is running within supported hardware or is embedded within supported software stacks like Firefox, or not. This means that even if it runs under Linuxulator, nobody knows before testing if it will check the underlying OS, and try to figure out if it is running virtualized/on top of a emulation layer, and if so, how it will react to that fact. So for better or worse it's a black box, which is the intention of most DRM stuff anyway.

It doesn't come prepackaged with Firefox because this would be against the GPL license, under which Firefox is being made. In order to be GPL compliant that library would need to be opensourced.

To sum it up: poking around with Widevine under FreeBSD might be an interesting experiment if for you it is all about if you want to check how far you can go and where the limits are.

If you really though just want to watch Netflix and other streaming services, which are based on Widevine, then it's much easier to just use a device for which widevine has been officially certified, or software with corresponding operating system. In terms of Firefox this means Windows, MacOS, Linux.
Click to expand...

my impression is that we have lost the focus. On a real Linux installation Firefox is able to reproduce DRM contents without problems,but not if it is installed with the Linuxulator. Something is broken there.
 
You must log in or register to reply here.
Back
Top