
Exactly - which is why the CDM is a contentious topic because you have no way to see what's inside it. Also, technologies such as HDCP and Trusted Execution Environments prevent the decrypted and decoded frames from being leaked. At least, that's the intention.

And the CDM vendors are Google, MSFT, and Apple. There's no way they are going to leak their code :)

What's really strong is the rotation of decryption keys. Content providers rotate the keys often (at times, in the middle of a movie, and very often during a live stream) to deter people from cracking the key.

Cracking DRM can be done and the goal from the other side is to make it hard and expensive. Nothing is impossible :)




IMO it isn't that hard to crack a DRM system. My understanding is that most of the protections are legal, not technical, as in, if you do it, they'll sue the hell out of you and win.


Yeah, there are many trivial systems out there that mostly provide legal protection. But there are also some pretty sophisticated DRM systems that are technologically quite well implemented and take a large effort to break. BD+ is one of these, for example.

And maybe going to platforms where the whole hardware is specialized is not what most people have in mind when they think DRM but the basic building blocks are similar. Microsoft's "Guarding Against Physical Attacks: The Xbox One Story" talk is also one of the few examples I know of where a manufacturer explains how they implemented such a system. [1]

[1] https://www.platformsecuritysummit.com/2019/speaker/chen/


Thanks for linking this talk, it was indeed interesting. Especially the part where he said that "if the hack costs more than 10 games, we're fine". Indeed, you probably aren't breaking this thing unless you have millions of dollars worth of equipment and the expertise to use it.

But then video game consoles are special. They were always these closed, tightly-controlled ecosystems. General-purpose devices, like phones and computers, typically lack this kind of integration between their components. Yes, there's ARM TrustZone, and that's about it. Thankfully. And I'm not aware of anything similar on x86 PCs (besides the Apple T2, which was recently compromised).


Most GPUs now have hardware-backed support for DRM. That's why those GPUs get 4K Netflix.

The compromise of Apple's T2 chip was significantly overstated.


Intel SGX?


I've seen this name but still don't understand where its root of trust is. In other words:

- How does the program making use of it make sure it's not been patched so the code that's supposed to run in the enclave runs without one?

- How does it know it's not being run on an emulated CPU or in a VM? And that those checks haven't been patched out, too?

- How does it make sure the OS is cooperating? I assume there is some cooperation required from the kernel at least.


"Eventually, all DRM will be cracked" LOL. Gerhard Lengeling would like a word. He spent as much time implementing the copy protection for Notator as he did writing the program itself, which copy protection involved a dongle in the Atari ST's cartridge port. And despite crackers' best efforts, it remained uncracked for at least two decades.


Also how long did it take to crack the NES CIC chip? But they did crack it in the end.


> the CDM vendors are Google, MSFT, and Apple

Also Adobe, although I'm not sure if their CDM (Adobe Primetime) is still relevant.

> which is why the CDM is a contentious topic because you have no way to see what's inside it

Related to this: Firefox takes steps to try to contain the CDM blob within a sandbox. [0] See also this old blog post from before Firefox switched from Adobe's CDM to Google's Widevine CDM. [1]

[0] https://wiki.mozilla.org/Security/Sandbox/Architecture#GMP_p...

[1] https://hacks.mozilla.org/2014/05/reconciling-mozillas-missi...



