I am trying to understand how DRM works under the hood. There doesn’t seem to be much information about it on the web so I figured I would ask here.
After some attempted research, I found it extremely difficult to find any information regarding how Widevine or FairPlay DRM actually works. There is some general information about Content Decryption Modules (CDMs) and such, but how it actually works seems to be a mystery. I am wondering if this is intentional because much of DRM is maybe security through obscurity.
My basic/abstract understanding of DRM is that a file is encrypted, usually using AES. When the file is attempted to be accessed, the DRM solution, using some proprietary (this is the part I am looking to understand better), transfers the key to the CDM for it to be decrypted and then provided back to the application, often a browser, for playback. Is this correct?
If the above is the case, I assume that an attacker could simply edit the binary for the CDM to access the key or the file after it is decrypted.