I reverse-engineered Netflix's 4K restrictions

https://github.com/Pickle-Pixel/netflix-force-4k

65•picklepixel•1h ago

Comments

picklepixel•1h ago

I pay for Netflix Premium but was stuck at 1080p. Turns out Netflix layers multiple capability checks before serving 4K: user agent, screen resolution, Media Capabilities API, codec support, DRM robustness negotiation, and their Cadmium player's internal bitrate caps.

Built an extension that spoofs all of these. The interesting discovery: you have to intercept every layer. Miss one and you're back to 1080p.

Here's the catch though. Even with all the JavaScript spoofs working, Chrome still won't get 4K. Netflix requires Widevine L1 (hardware DRM), and Chrome only has L3 (software). The browser literally can't negotiate the security level Netflix wants. Edge on Windows has L1, so the extension actually delivers 4K there.

So what's the point on Chrome? Honestly, not much for 4K specifically. But the reverse-engineering was the interesting part. Understanding how Netflix fingerprints devices and decides what quality to serve. The codebase documents all the APIs they check.

On Edge: works reliably, getting 3840x2160 at 15000+ kbps. On Chrome: spoofs work, DRM negotiation fails, stuck at 1080p.

The repo has detailed documentation on what each spoof does and why. Happy to discuss the technical approach or answer questions.

doctorpangloss•1h ago

i can understand the enthusiasm around LLM authored code bases.

but i cannot understand why someone would write comments on hacker news with an LLM. how could you say something was interesting, if you didn't even do it?

michaelt•55m ago

> Happy to discuss the technical approach or answer questions.

Netflix says "Ultra HD (2160p)" requires Microsoft Edge on Windows [1].

This is a "Netflix 4K Enabler" extension that spoofs being Microsoft Edge on Windows - but unless I'm misunderstanding, the extension only works on Microsoft Edge, on Windows.

Under what circumstances would a user want this extension?

[1] https://help.netflix.com/en/node/30081

stevemk14ebr•38m ago

So your extension does a bunch of hooks to spoof edge, but then only works on edge? And edge using Netflix normally already supports 4k. So this does nothing and does not solve the stated problem of chrome and Firefox 4k Netflix streaming.

Am I missing something?

arjie•27m ago

I would imagine it's less a product to use and more documentation of the various techniques that are involved. It seems pretty reasonable to share that with others.

picklepixel•1h ago

TLDR; I made an extension to force 4K on Netflix.

hug•1h ago

I may be an idiot, but: What does this actually, y'know, achieve? It seems the answer to me is probably nothing?

It doesn't work on Firefox. It appears not to work on Chrome. The suggestion is to use Edge, which on Windows already gets 4K support in Netflix anyway.

I suppose it will help if you're some kind of masochist who wants to run Edge on Mac and get 4K Netflix, which I assume is an install base of approximately zero people.

apt-apt-apt-apt•57m ago

Fellow idiot here, and the gist seems to be:

Here's a 4K enabler that only enables 4K where it's already enabled.

doctorpangloss•54m ago

i don't think it works! there's no mystery here...

Retr0id•47m ago

I can't vouch for this extension in particular (because I haven't tested it), but I've used and written similar extensions myself and can confirm that the concept is legit.

Moto7451•52m ago

I believe the benefit for Edge is faking HDCP 2.2.

duskwuff•41m ago

Then why does the extension try to fake a bunch of other properties, like the user agent and decoding capabilities, which should be redundant?

ctippett•42m ago

You misread the README. Although it suggests using Edge at the very bottom, the extension doesn't require it and actually spoofs Netflix into thinking it is Edge via changing the user-agent.

hug•38m ago

Did I, though?

I understand it spoofs all of the checks it can, but the only Chromium browser that supports Widevine L1 (a requirement for 4K) is Edge, so even if all of the check spoofing works, it still won't do 4K.

There's even a table in the README that describes this exact scenario.

ctippett•30m ago

I'm putting a lot of weight on this part from the README:

  > If you're paying for 4K but using Chrome, Firefox, or a setup Netflix doesn't "approve," you're stuck at 1080p or lower. This extension fixes that.

But I get the confusion though. I'm now second-guessing if I misread the README.

hug•11m ago

It's this section that puts the lie to the entire project: https://github.com/Pickle-Pixel/netflix-force-4k?tab=readme-...

It appears to only be useful on Edge on Windows.

Retr0id•1h ago

Awesome. As someone who has spent some time researching DRM systems, figuring out these "soft" restrictions before you can achieve playback in the first place is often more challenging than breaking the DRM itself.

Does Edge currently ship Widevine L1? Last time I checked it was Playready SL3000, but that was a while ago now.

nalekberov•1h ago

This is why piracy is gaining more and more traction lately.

llsf•58m ago

Disappointed to learn that it requires Edge, BUT very grateful for the investigation and write up ! That is why this is called Hacker News.

TacoCommander•51m ago

What is Edge? Is that something on the Microsoft?

JCattheATM•49m ago

Do a search and find out.

hermanzegerman•56m ago

I never get why those idiots make it harder for paying customers to watch content, than for those just torrenting it. It's the same with Amazon Prime Video which will get me a black screen on Linux or force me to SD Quality, while the torrented Movie runs just fine in 4K

Retr0id•53m ago

I've spent a long time wondering the same thing. The standard answer is that it's fallout from the anti-anti-piracy cat and mouse game. The more conspiratorial answer is that bandwidth is expensive and streaming sites will take any excuse to serve you a lower resolution than what you actually paid for, while still being able to say that they technically support 4K.

There are sensible-ish technical reasons why they can't deliver DRM'd 4K on linux, but when browser extensions can upgrade you to 4K there are no excuses on the technical level.

TacoCommander•52m ago

We need to divorce "corporate" from "tech"

reactordev•24m ago

Never going to happen. Tech came from corporate.

hermanzegerman•50m ago

The point is, people usually pay because it is more convenient for them than getting it illegally.

But when I have to fiddle around for 30 Minutes to see a picture (it worked before until it suddenly didn't work anymore), pirating the movie is suddenly the better option. Because I certainly don't see a point in paying and wasting more of my time.

And the piracy cat and mouse game is stupid, as in the End it's always Available illegaly, except for the people developing and selling DRM

stavros•42m ago

Bandwidth is only expensive if you're getting it from Amazon or Google. Cloudflare gives it away for free.

Retr0id•37m ago

Netflix is responsible for 15% of global internet traffic. That's expensive no matter how you slice it, and dropping that by a mere 1% is a huge saving.

stavros•34m ago

Hm, true. Then again, I don't know if that's worth the reputational hit. These subscribers are paying for 4K.

nitwit005•13m ago

Netflix does charge more for 4k, so they simply pass along the cost: https://help.netflix.com/en/node/24926

Retr0id•7m ago

Netflix still saves money when someone watches in a lower resolution.

michaelt•47m ago

Most users can't tell, and if you deliver the $18/month service while charging $25/month that's $7/month pure profit - money for nothing.

Cyph0n•42m ago

For Netflix specifically; it’s because the groups that rip 4K content from Netflix burn a device (i.e. a Widevine L1 key). This is why they typically release 4K Netflix shows in batches.

Here is a good thread on the topic: https://www.reddit.com/r/Piracy/comments/17ez7mi/how_come_it...

bigwheels•31m ago

Thank you for sharing the breadcrumb~

How does Netflix detect "suspicious" activity? Does $NFLX allow 4k streaming over GrapheneOS? If so, could you pin a different certificate and do some HTTP proxy traffic manipulation to obfuscate the device (presumably an Android phone) identity or otherwise work around the DRM?

I want to understand more about this but unfortunately the reddit thread is bits and pieces scattered amongst clueless commentary, making it challenging to wade through.

Cyph0n•18m ago

I honestly have no clue! This is just a tidbit I randomly learned about haha.

coppsilgold•12m ago

They can trace a torrented 4K piece of content to the device that ripped it using A/B watermarking.

See AWS offering: (and probably what they use for Prime Video, Netflix has their own)

  For large-scale per-viewer, implement a content identification strategy that allows you to trace back to specific clients, such as per-user session-based watermarking. With this approach, media is conditioned during transcoding and the origin serves a uniquely identifiable pattern of media segments to the end user. A session to a user-mapping service receives encrypted user ID information in the header or cookies of the request context and uses this information to determine the uniquely identifiable pattern of media segments to serve to the viewer. This approach requires multiple distinctly watermarked copies of content to be transcoded, with a minimum of two sets of content for A/B watermarking. Forensic watermarking also requires YUV decompression, so encoding time for 4K feature length content can take upwards of 20 hours. DRM service providers in the AWS Partner Network (APN) are available to aid in the deployment of per-viewer content forensics.

<https://docs.aws.amazon.com/wellarchitected/latest/streaming...>

They also use a traitor tracing scheme (Tardos codes) such that if multiple pirates get together to try and remove the watermark they will fail, you would need an unreasonably large number of pirates to succeed for some length of time.

Retr0id•10m ago

A DRM system is, abstractly, a black box that contains some initial static key material, which is used to identify+authenticate the device and load in more keys at runtime, typically over some network protocol. The DRM uses those dynamically provisioned keys to decrypt the content.

For hardware DRM schemes, the initial key material is typically provisioned during manufacturing.

Since the server-side is able to identify the client device, they can in theory fingerprint the content if they want to. That way if someone cracks and shares the content, they can look at the fingerprint and figure out which device (and which account) leaked it - and then ban them.

I've never seen direct evidence that Netflix fingerprints their 4K content (although I've never properly looked), so I suspect the device-burning thing might be a bit of an urban legend. But it is technically plausible.

karim79•24m ago

What I've noticed about Netflix's supposedly 4k content is that it looks like crap compared to the same show downloaded through illicit means (and viewed on Plex or something else).

What's the deal with Netflix's not-very-good 4k streams? Colour quantization or something? It's not just a one-off, why do 4k netflix shows look like rubbish compared to a moderately encoded whatever from bittorrent?

Saris•18m ago

Probably extreme compression, their 4K streams are very low bandwidth.

Cyph0n•9m ago

It depends. The most common reason is bitrate - the non-Netflix could have been ripped from another source (BD), or even from another service that has rights to the show in a different market (with higher bitrate).

The other trick some groups use is so-called hybrid releases. This involves combining video and audio from multiple sources to achieve the best possible quality. These are usually explicitly tagged as HYBRID, and afaik mostly applies to 4K remuxes.

aljgz•42m ago

It's simple: Lawyers creating market for themselves and other lawyers. A head of legal department at Netflix would have a better job and pay if ge has 50x more employees. Hence, the incentive to find ways to get involved in everything, even if it arguably hurts the company's revenue, let alone the rest of the market.

TacoCommander•53m ago

Let's go back to tangible media

https://www.rasputinmusic.com

https://www.amoeba.com/

JoshTriplett•28m ago

I would pay a non-trivial amount for a service that 1) bought a blu-ray on my behalf, 2) ripped it to a file, 3) gave me that file to download, once, and 4) after confirming I had it, shredded the blu-ray.

I don't want to copy things and distribute them to others. I want to have one copy that keeps working indefinitely and doesn't go away or fail to follow me across systems.

daft_pink•47m ago

Is anyone else reading this like WTF I pay for 4K and I dont actually get and I didn’t realize it!?!?!

stavros•42m ago

I'm reading this like "if I don't realize I'm not getting 4k, I don't need 4k".

ctippett•39m ago

If you're paying for 4K and you never notice whether what you're watching is actually in 4K, then I have a suggestion for how you can save some $

asyncadventure•25m ago

Great reverse-engineering work! This perfectly illustrates why DRM often fails at its intended goal - pirates eventually get perfect copies anyway, but paying customers end up with degraded experiences. The fact that you had to bypass multiple capability checks just to access content you're already paying for shows how backwards this approach is.

zb3•19m ago

Edge on Windows supports L1? I thought L1 requires secure hardware support.. is it about SGX or newer Windows devices have some anti-user crap builtin already?

zb3•12m ago

UPDATE: Apparently newer Intel CPUs have builtin support for PlayReady 3.0. What a beautiful anti-feature of the CPU..

How to Stop Ruminating

Show HN: Shelvy Books

Declassifying JUMPSEAT: an American pioneer in space

Video of man believed to be Alex Pretti with feds 11 days before his death [video]

When and why agent systems work

BGP Vortex: Update Message Floods Can Create Internet Instabilities [video]

Semiconductors will see an end of history (eventually)

Parall v2.0: A New Era of macOS Dock Customization Begins

Show HN: A linear-time approach to P vs. NP via Information Noise Subtraction

The AI bubble doesn't *require* AI

IonQ Acquires Seed Innovations to Make Quantum Computing Act Like Software

Poll: Trump voters support military intervention in more countries

Signs god is saying soon

It's incredible. It's terrifying. It's MoltBot

Death of an Indian Tech Worker

US Company Ubiquiti Aids Russian Military [video]

Show HN: Lexiso – Authorization layer for AI agents that spend money

Show HN: Vietnam Elections (open, source-linked datasets and site)

Coding agents are a new infrastructure primitive

Fork and Make

Show HN: Ignite – Run Firecracker Micro-VMs with a Docker-Like CLI (Rust)

The Artificial Man

Ask HN: Feature request: include the second path segment for GitHub URLs

LLMs sabotage existing programming practices by privatizing a public good

Show HN: Fast, private image compression in the browser using WASM

Web inventor Tim Berners-Lee says he is in a battle for the soul of the internet

Open Gaming Collective – Unified gaming-focused components for Linux ecosystem

Genesis Designed a Body-on-Frame Truck for the US

Kamaji: Containerized Control Planes for K8s

Maybe code was never the point