Displays Widevine data. Sends data to cdrm-project API via button when ready. API response copyable. Popup only on remembered sites. Scrolls. Help button. Click values to copy. Collapse/Expand. Detailed logging.
This Tampermonkey/Violentmonkey userscript assists in extracting Widevine Content Decryption Module (CDM) information needed for potential decryption purposes. It automatically detects and displays the PSSH (Protection System Specific Header Data), License URL, associated Request Headers, and often the MPD (Media Presentation Description) URL directly on the webpage via a convenient floating popup.
Based on: This script is a modification and enhancement of the original EME Logger by cramer, significantly extended by TheGuy007.
Disclaimer: This tool is intended for educational purposes, security research, or for making legitimate personal backups of content you own or have the rights to access. Using this script to circumvent copyright protection on content you do not own may be illegal in your country and violates the terms of service of most streaming providers. Use responsibly and ethically.
---
widevine, license, etc.)..mpd) from network requests.cdrm-project.com API to attempt key retrieval. (See notes below)Remember "[hostname]" for Popup: Adds the current site.Forget "[hostname]" for Popup: Removes the current site.Clear All Remembered Sites: Removes all sites from the list.---
document-start to install "hooks" into the browser's core functions related to media playback and network requests before the page fully loads them. Specifically, it proxies:MediaKeySession.prototype.generateRequest: To grab the initialization data (which contains the PSSH).window.fetch: To inspect network requests made using the Fetch API.XMLHttpRequest.prototype.open, setRequestHeader, and send: To inspect network requests made using XHR.widevine, license, licence, getlicence, auth to identify the potential license acquisition request, and mpd for the manifest file.GM_setValue), the script creates and displays the floating popup UI. It dynamically updates the fields in the popup as data is captured.GM_xmlhttpRequest (necessary for cross-domain requests from a userscript) to send a POST request containing the PSSH, License URL, and Headers (as a JSON string) to the specified cdrm-project.com endpoint. The response is then displayed.---
1. Install Userscript Manager: Make sure you have a userscript manager extension installed in your browser (e.g., Tampermonkey or Violentmonkey).
2. Install Script: Install the "Widevine Download Helper+++" script.
3. Navigate to Target Site: Go to the website containing the Widevine-protected video you want to analyze.
4. Remember the Site:
* Click the Tampermonkey (or Violentmonkey) extension icon in your browser toolbar.
* Find "Widevine Download Helper+++" in the list of running scripts.
* Click on Remember "[current website hostname]" for Popup.
* A confirmation alert will appear.
* Reload the page (F5 or Ctrl+R/Cmd+R). This is crucial for the script to activate fully on the now-remembered site.
5. Play the Video: Start playing the protected video content. This usually triggers the license request needed by the script.
6. Observe the Popup: The "Widevine Helper +++" popup should appear (usually in the top-right corner). Watch as the fields ("PSSH:", "License URL:", "Headers:", "MPD url:") populate. They will initially say "Waiting...".
* If data doesn't appear after starting playback: Check the Developer Console (F12 -> Console tab) for logs or errors from the script. You might need to interact with the player more (e.g., seek, change quality) or try the manual steps via the Help ('?') button if it appears.
7. Copy Data: Once a value (like PSSH or License URL) appears and is no longer "Waiting...", click directly on the value text within the popup. It will be copied to your clipboard, and a temporary "Copied!" message will show. The headers are copied as a minified JSON string.
8. (Optional) Use API: If/When the PSSH, License URL, and Headers fields are all populated, the "Send to API" button will become visible and enabled.
* Click the button to send this data to cdrm-project.com.
* The button will disable, and a "Sending request..." message will appear below it.
* Wait for the response. The result (success message with keys, error message, etc.) will be displayed in the area below the button.
* If the response contains useful text (like decryption keys), the response text itself will become underlined and clickable to copy.
9. Manage Sites: Use the Tampermonkey menu commands (Forget "[hostname]"..., Clear All Remembered Sites) as needed to control where the script's popup appears. Remember to reload the page after forgetting a site for the change to take effect.
10. Use UI Features: Click the title bar to collapse/expand the popup. Click the '?' button (if it appears) for manual detection hints.
---
* cdrm-project API: This script integrates with a specific third-party service (cdrm-project.com).
* The availability, reliability, and functionality of this external API are **not guaranteed** by the script author. It may go offline, change, or require authentication in the future.
* Sending data (PSSH, License URL, Headers) to this service means sharing potentially sensitive information. Understand the implications before using the "Send to API" button. Headers, in particular, might contain session cookies or tokens.
* Detection Isn't Perfect: While the script tries common keywords, some websites use non-standard URLs or complex methods for license requests. Automatic detection might fail on certain sites. The manual steps (via the Help button or general F12 Network tab inspection) are the fallback.
* No Downloads: This script *only* helps extract the necessary *data* (PSSH, license URL, headers, keys via API). It **does not** download the video/audio content itself. You would typically use this data with other tools (like yt-dlp, N_m3u8DL-RE, etc.) configured appropriately.
* Headers Format: The script displays headers formatted as pretty-printed JSON for readability but copies them as a standard, single-line JSON string suitable for pasting into other tools or configuration files.
* Updates: The @downloadURL and @updateURL are set to none. You will need to manually check for and install updated versions of this script if they become available.
---
* Popup Doesn't Appear:
* Did you "Remember" the site using the Tampermonkey menu?
* Did you reload the page after remembering the site?
* Is the script enabled in Tampermonkey?
* Check the Developer Console (F12) for errors.
* Data Fields Remain "Waiting...":
* Did you start playing the video? Sometimes the license isn't requested until playback begins.
* The site might use methods the script doesn't detect. Try the manual steps (check Network tab in F12, filter for "license", "widevine", "mpd").
* Check the Developer Console (F12) for script errors.
* "Send to API" Button Doesn't Appear: The script needs to successfully capture PSSH, License URL, *and* Headers before the button shows up. If one is missing, the button remains hidden.
* API Call Fails/Times Out: The external cdrm-project.com service might be down, slow, or blocking requests. Check the API response area in the popup and the Developer Console for details. Network issues can also cause timeouts.
* Conflicts: Other extensions or userscripts might interfere. Try disabling others temporarily.