Site changed key derivation #8

@nuclight

While it worked reasonably after a kick a month ago, something has seriously broken now:

```
Downloading chunk #0
bad decrypt
34380884552:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:/usr/src/crypto/openssl/crypto/evp/evp_enc.c:563:
Downloading chunk #1
bad decrypt
34380884552:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:/usr/src/crypto/openssl/crypto/evp/evp_enc.c:563:
```

I went to evp_enc.c and saw:

```
540     b = ctx->cipher->block_size;
...
550     if (b > 1) {
551         if (ctx->buf_len || !ctx->final_used) {
552             EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH);
553             return (0);
554         }
555         OPENSSL_assert(b <= sizeof(ctx->final));
556 
557         /*
558          * The following assumes that the ciphertext has been authenticated.
559          * Otherwise it provides a padding oracle.
560          */
561         n = ctx->final[b - 1];
562         if (n == 0 || n > (int)b) {
563             EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
564             return (0);
```

...which for CBC mode seems to mean that a wrong key/IV was used.

Moreover, each run produced a different key while being pointed to the same file from --use-cache!

After inspecting requests and responses in the browser, I found that the https://play.boomstream.com/api/process/ URL differs in the last part; that is, the IV is correct (and always the same between different runs) but the key part is now different. And on a different URL the server gives the wrong key. Manually I can decrypt if I put in the key from the browser.

I was unable to guess the new algorithm for obtaining the key URL.
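
The check quoted from evp_enc.c, modelled as an added example (not code from this issue or from OpenSSL): `pkcs7_pad_len` applies the range test on the last byte plus the standard PKCS#7 rule that every pad byte equals `n`, and `wrong_key_passes` treats the last block decrypted under a wrong key as random bytes to count how often it would still pass. The function names and the splitmix64 generator are assumptions of the example.

```c
/* Added example, not OpenSSL source: models the final-block padding check. */
#include <stdint.h>
#include <stdio.h>

#define BLOCK 16 /* AES block size in bytes */

/* Returns the pad length (1..BLOCK) if the last decrypted block carries valid
 * PKCS#7 padding, or 0 where EVP_DecryptFinal_ex would report "bad decrypt". */
int pkcs7_pad_len(const uint8_t final[BLOCK])
{
    int n = final[BLOCK - 1];
    if (n == 0 || n > BLOCK)        /* the range check at evp_enc.c:562 */
        return 0;
    for (int i = 0; i < n; i++)     /* every pad byte must equal n */
        if (final[BLOCK - 1 - i] != n)
            return 0;
    return n;
}

/* splitmix64: small deterministic generator standing in for the
 * pseudo-random plaintext a wrong key produces (assumption of this model). */
static uint64_t next_u64(uint64_t *state)
{
    uint64_t z = (*state += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

/* Counts how many of `trials` random final blocks pass the padding check,
 * i.e. how often a wrong key would NOT be reported as "bad decrypt". */
long wrong_key_passes(long trials, uint64_t seed)
{
    long passes = 0;
    for (long t = 0; t < trials; t++) {
        uint8_t blk[BLOCK];
        for (int i = 0; i < BLOCK; i += 8) {
            uint64_t r = next_u64(&seed);
            for (int j = 0; j < 8; j++)
                blk[i + j] = (uint8_t)(r >> (8 * j));
        }
        passes += pkcs7_pad_len(blk) != 0;
    }
    return passes;
}

int main(void)
{
    long trials = 1000000;
    printf("%ld of %ld random blocks pass\n", wrong_key_passes(trials, 1), trials);
    return 0;
}
```

About 1 random block in 255 passes, so `bad decrypt` is a strong but not perfect signal of a wrong key.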
