How those webrips are performed? Are there leaked DRM keys or something like that? I thought that DRM encrypts stream all the way from website to display, so it's quite hard to intercept it.
Pirates cracked Widevine (and possibly other schemes). They have a drop-in replacement DLL (which they keep secret) that dumps the original content of the stream (not a screen / HDMI capture, like the other two comments said). This is called a WEB-DL, while capturing and encoding the stream is usually called a WEBrip.
This doesn't work for Widevine L1, as L1 is handled in hardware. Windows has some interface to the Intel Management Engine used for this, Android OEMs write drivers and ship devices with keys, other platforms are out of luck.
Widevine L1 has been cracked. Pirates gain code execution in the ARM TrustZone¹ and peek into the decryption keys of the widevine module. That's how 4k WEB-DL Netflix content gets pirated.
That's correct. Anything actually protected by Widevine L1 (meaning no workaround to get L3 instead) would require a different approach than just cracking the library.
If 4k netflix is what protected by their best hardware DRM, then... somebody managed to either exfiltrate the key, or drill the chip and get it extracted physically.
It's not clear. The tools are kept secret to avoid patching. But presumably they reverse engineered it and have a way to capture the raw stream.
I know at one point they were using Roku TVs or Fire TVs which allowed an older DRM standard. Now apparently there's a crack for Windows that's kept underground in the scene groups doing releases.
Basically this. HDCP 2.2 is "secure", but the previous versions aren't. A company signed the HDCP agreement and got the decryption keys, and made a device that could downgrade HDCP. Apparently this was allowed by the HDCP licensing agreement so it's all legal.
Ok but that will be lower quality. The original compressed file will be decoded and sent to the monitor at full resolution and frame rate, and then the pirates will be able to capture that. Then the pirates will need to encode/compress that for distribution. This new file will be lower quality, I believe.
If you have a good internet connection and graphics card you can just capture the screen and intercept the audio separately. It's got a few artifacts here and there, but nothing that makes it unwatchable
No key involved, but a long time ago, circa 2008, I used to record my TV shows in my Rogers (Canada) PVR. It so happened it had a firewire port, and all you had to do was load the firewire SDK on your macbook, and when you play back your show on the PVR, you could capture the raw .ts (transport stream) which contained the MPEG2 video.
I think that's why most players now have no extra ports besides the HDMI as it was easy to bypass the HDMI protection...if you can call it that.
